View 46 Installation

VMware View Installation
View 4.6 View Manager 4.6 View Composer 2.6
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000525-01
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
VMware, Inc.
Contents
1 System Requirements for Server Components 7

View Connection Server Requirements 7 View Administrator Requirements 9 View Composer Requirements 9 View Transfer Server Requirements 12
2 System Requirements for Client Components 15
Supported Operating Systems for View Agent 15 Supported Operating Systems for View Client and View Client with Local Mode Hardware Requirements for Local Mode Desktops 16 Client Browser Requirements for View Portal 18 Remote Display Protocol and Software Support 18 Adobe Flash Requirements 21 Smart Card Authentication Requirements 21
16
3 Preparing Active Directory 23
Configuring Domains and Trust Relationships 23 Creating an OU for View Desktops 24 Creating OUs and Groups for Kiosk Mode Client Accounts 24 Creating Groups for View Users 24 Creating a User Account for vCenter Server 24 Create a User Account for View Composer 25 Configure the Restricted Groups Policy 25 Using View Group Policy Administrative Template Files 26 Prepare Active Directory for Smart Card Authentication 26
4 Installing View Composer 29
Prepare a View Composer Database 29 Install the View Composer Service 36 Configuring Your Infrastructure for View Composer 38
5 Installing View Connection Server 39
Installing the View Connection Server Software 39 Configuring User Accounts for vCenter Server and View Composer 53 Configuring View Connection Server for the First Time 56 Configuring View Client Connections 60 Sizing Windows Server Settings to Support Your Deployment 63
VMware, Inc.
6 Installing View Transfer Server 71
Install View Transfer Server 71 Add View Transfer Server to View Manager 73 Configure the Transfer Server Repository 74 Firewall Rules for View Transfer Server 75 Installing View Transfer Server Silently 75
7 Configuring Certificate Authentication 79
Replacing the Default Certificate 79 Add keytool and openssl to the System Path 80 Use an Existing PKCS#12 Certificate and Private Key 80 Convert a PKCS#12 Keystore to JKS Format 82 Creating a New SSL Certificate 82 Configure a View Connection Server Instance or Security Server to Use a New Certificate 85 Configure a View Transfer Server Instance to Use a New Certificate 86 Configure SSL for Client Connections 87 Configure SSL for View Transfer Server Communications 88 Using Group Policy to Configure Certificate Checking in View Client 88
8 Creating an Event Database 89
Add a Database and Database User for View Events 89 Prepare an SQL Server Database for Event Reporting 90 Configure the Event Database 90
9 Installing and Starting View Client 93
Install the Windows-Based View Client or View Client with Local Mode 93 Start the Windows-Based View Client or View Client with Local Mode 94 Install View Client by Using View Portal 96 Install View Client on Mac OS X 97 Start View Client on Mac OS X 98 Set Printing Preferences for the Virtual Printer Feature on Windows Clients 100 Using USB Printers 101 Installing View Client Silently 101
Index 105
VMware, Inc.
VMWare View Installation explains how to install the VMware View server and client components.
Intended Audience
This information is intended for anyone who wants to install VMware View. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.
VMware, Inc.
VMware, Inc.
System Requirements for Server Components
Hosts that run VMware View server components must meet specific hardware and software requirements. This chapter includes the following topics:
n n n n
View Connection Server Requirements, on page 7 View Administrator Requirements, on page 9 View Composer Requirements, on page 9 View Transfer Server Requirements, on page 12
View Connection Server Requirements

View Connection Server acts as a broker for client connections by authenticating and then directing incoming user requests to the appropriate View desktop. View Connection Server has specific hardware, operating system, installation, and supporting software requirements.
n
Hardware Requirements for View Connection Server on page 7 You must install View Connection Server on a 32-bit or 64-bit dedicated physical or virtual machine that meets specific hardware requirements.
Supported Operating Systems for View Connection Server on page 8 You must install View Connection Server on a supported operating system. Virtualization Software Requirements for View Connection Server on page 9 View Connection Server requires VMware virtualization software to function properly. Network Requirements for Replicated View Connection Server Instances on page 9 If you install replicated View Connection Server instances, configure the instances in the same location and connect them over a high-performance LAN.
Hardware Requirements for View Connection Server

You must install View Connection Server on a 32-bit or 64-bit dedicated physical or virtual machine that meets specific hardware requirements. Table 1-1. View Connection Server Hardware Requirements
Hardware Component Processor Networking Required Pentium IV 2.0GHz processor or higher One or more 10/100Mbps network interface cards (NICs) Recommended Dual processors 1Gbps NICs
VMware, Inc.
Table 1-1. View Connection Server Hardware Requirements (Continued)

Hardware Component Memory Windows Server 2008 64-bit Memory Windows Server 2003 32-bit 2GB RAM or higher Required 4GB RAM or higher Recommended At least 10GB RAM for deployments of 50 or more View desktops 6GB RAM for deployments of 50 or more View desktops, and enable Physical Address Extension (PAE) See the Microsoft KB article at http://support.microsoft.com/kb/283037.
These requirements also apply to replica and security server View Connection Server instances that you install for high availability or external access. IMPORTANT The physical or virtual machine that hosts View Connection Server must use a static IP address.
Supported Operating Systems for View Connection Server

You must install View Connection Server on a supported operating system. Table 1-2 lists the operating systems supported for View Connection Server. These operating systems support all View Connection Server installation types, including standard, replica, and security server installations. Table 1-2. Operating System Support for View Connection Server
Operating System Windows Server 2008 R2 Windows Server 2003 R2 Windows Server 2003 Version 64-bit 32-bit 32-bit Edition Standard Enterprise Standard Enterprise Standard Enterprise Service Pack N/A SP2 SP2
IMPORTANT If you use a Windows Server 2003 operating system, enable Physical Address Extension (PAE). See the Microsoft KB article at http://support.microsoft.com/kb/283037.
Operating System Requirement for the PCoIP Secure Gateway

Although you can install a security server on a Windows Server 2003 physical or virtual machine, if you want to use the PCoIP Secure Gateway component, the operating system must be 64-bit Windows Server 2008 R2. The PCoIP Secure Gateway component enables View Clients that use the PCoIP display protocol to use a security server rather than a VPN from outside the corporate firewall. You can pair a security server that runs on a 64-bit Windows Server 2008 R2 host with a Connection Server instance that runs on Windows Server 2003 or 2003 R2. Clients can still use the PCoIP Secure Gateway with this pair. IMPORTANT If you use a load balancer in front of multiple security servers, make sure all security servers use the same operating system.
VMware, Inc.
Chapter 1 System Requirements for Server Components
Virtualization Software Requirements for View Connection Server

View Connection Server requires VMware virtualization software to function properly.
n n
If you are using vSphere, you must have vSphere 4.0 Update 2 or later or vSphere 4.1 or later. If you are using VMware Infrastructure, you must have VMware Infrastructure 3.5 Update 5 and VirtualCenter Server 2.5 Update 6. Both ESX and ESXi hosts are supported.
Network Requirements for Replicated View Connection Server Instances

If you install replicated View Connection Server instances, configure the instances in the same location and connect them over a high-performance LAN. Do not use a WAN to connect replicated View Connection Server instances. Even a high-performance WAN with low average latency and high throughput might have periods when the network cannot deliver the performance characteristics that are needed for View Connection Server instances to maintain consistency. If the View LDAP configurations on View Connection Server instances become inconsistent, users might not be able to access their desktops. A user might be denied access when connecting to a View Connection Server instance with an out-of-date configuration.
View Administrator Requirements

Administrators use View Administrator to configure View Connection Server, deploy and manage desktops, control user authentication, initiate and examine system events, and carry out analytical activities. Client systems that run View Administrator must meet certain requirements. View Administrator is a Web-based application that is installed when you install View Connection Server. You can access and use View Administrator with the following Web browsers:
n n n n
Internet Explorer 7 Internet Explorer 8 Firefox 3.0 Firefox 3.5
To use View Administrator with your Web browser, you must install Adobe Flash Player 10. Your client system must have access to the internet to allow Adobe Flash Player to be installed. To display text properly, View Administrator requires Microsoft-specific fonts. If your Web browser runs on a non-Windows operating system such as Linux, UNIX, or Mac OS, make sure that Microsoft-specific fonts are installed on your computer. Currently, the Microsoft Web site does not distribute Microsoft fonts, but you can download them from independent Web sites.
View Composer Requirements

View Manager uses View Composer to deploy multiple linked-clone desktops from a single centralized base image. View Composer has specific installation and storage requirements.
n
Supported Operating Systems for View Composer on page 10 View Composer supports 64-bit and 32-bit operating systems with specific requirements and limitations. You must install View Composer on the same physical computer or virtual machine as vCenter Server.
VMware, Inc.
Database Requirements for View Composer on page 10 View Composer requires an SQL database to store data. The View Composer database must reside on, or be available to, the vCenter Server computer.
Virtualization Software Requirements for View Composer Features on page 11 You must create linked-clone virtual machines on hosts that run ESX/ESXi 4 or later, and you must configure linked-clone pools in vSphere mode, to take advantage of several View Composer and vSphere features.
Supported Operating Systems for View Composer

View Composer supports 64-bit and 32-bit operating systems with specific requirements and limitations. You must install View Composer on the same physical computer or virtual machine as vCenter Server.
64-Bit Operating Systems

Table 1-3 lists the 64-bit operating systems supported for View Composer. Standard and Enterprise editions are supported. Table 1-3. 64-Bit Operating System Support for View Composer
vCenter Server Version 4.1 and later 4.1 and later 4.1 and later 4.1 and later 4.0 Update 2 and later Operating System Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 R2 Windows Server 2003 Windows Server 2008 Service Pack N/A SP2 SP2 SP2 SP2
32-Bit Operating Systems

Table 1-4 lists the 32-bit operating systems supported for View Composer. Standard and Enterprise editions are supported. Table 1-4. 32-Bit Operating System Support for View Composer
vCenter Server Version 4.0 Update 2 and later 2.5 Update 6 2.5 Update 6 Operating System Windows Server 2003 Windows Server 2003 R2 Windows Server 2003 Service Pack SP2 SP2 SP2
Database Requirements for View Composer

View Composer requires an SQL database to store data. The View Composer database must reside on, or be available to, the vCenter Server computer. If a database server already exists for vCenter Server, View Composer can use that existing database server if it is a version listed in Table 1-5. For example, View Composer can use the Microsoft SQL Server 2005 Express instance provided with vCenter Server. If a database server does not already exist, you must install one.
10
VMware, Inc.
View Composer supports a subset of the database servers that vCenter Server supports. If you are already using vCenter Server with a database server that is not supported by View Composer, continue to use that database server for vCenter Server and install a separate database server to use for View Composer and View Manager database events. IMPORTANT If you create the View Composer database on the same SQL Server instance as vCenter Server, do not overwrite the vCenter Server database. Table 1-5 lists the supported database servers and versions. For a complete list of database versions supported with vCenter Server, see the VMware vSphere Compatibility Matrixes on the VMware vSphere documentation Web site. Table 1-5. Supported Database Servers for View Composer
Database Microsoft SQL Server 2000 SP4 Standard Microsoft SQL Server 2005 Express Microsoft SQL Server 2005 SP3 Standard and Enterprise Microsoft SQL Server 2008 SP1 Standard and Enterprise Microsoft SQL Server 2008 SP1 Standard and Enterprise 64-bit Oracle 9i Release 2 Oracle 10g Release 2 Oracle 11g Release 1 vCenter Server 4.1 and later No vCenter Server 4.0 U2 and later No VC Server 2.5 U6 Yes
Yes Yes
Yes Yes
Yes Yes
Yes
Yes
No
Yes
Yes
No
No Yes Yes
No Yes Yes
Yes No No
Virtualization Software Requirements for View Composer Features

You must create linked-clone virtual machines on hosts that run ESX/ESXi 4 or later, and you must configure linked-clone pools in vSphere mode, to take advantage of several View Composer and vSphere features.
n n n n n
Storing linked-clone virtual machines on local datastores Redirecting disposable data to separate, non-persistent disks Storing replicas and linked clones on separate datastores Creating pools from a parent virtual-machine snapshot that uses hardware version 7 Using Sysprep customization specifications for linked-clone virtual machines. In addition, Sysprep is supported for linked clones only on vSphere 4.1 software. You cannot use Sysprep on vSphere 4.0 or VMware Infrastructure 3.5 software.
VMware, Inc.
11
View Transfer Server Requirements

View Transfer Server is an optional View Manager component that supports check in, check out, and replication of desktops that run in local mode. View Transfer Server has specific installation, operating system, and storage requirements.
n
Installation Requirements for View Transfer Server on page 12 You must install View Transfer Server as a Windows application in a virtual machine that meets specific requirements.
Supported Operating Systems for View Transfer Server on page 13 You must install View Transfer Server on a supported operating system with the required amount of RAM.
Storage Requirements for View Transfer Server on page 13 View Transfer Server transfers static content to and from the Transfer Server repository and dynamic content between local desktops and remote desktops in the datacenter. View Transfer Server has specific storage requirements.
Installation Requirements for View Transfer Server

You must install View Transfer Server as a Windows application in a virtual machine that meets specific requirements. The virtual machine that hosts View Transfer Server must meet several requirements regarding network connectivity:
n n n
It must be managed by the same vCenter Server instance as the local desktops that it will manage. It does not have to be part of a domain. It must use a static IP address.
CAUTION You must configure the virtual machine that hosts View Transfer Server with an LSI Logic Parallel SCSI controller. You cannot use a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system. The View Transfer Server software cannot coexist on the same virtual machine with any other View Manager software component, including View Connection Server. You can install multiple View Transfer Server instances for high availability and scalability.
12
VMware, Inc.
Supported Operating Systems for View Transfer Server

You must install View Transfer Server on a supported operating system with the required amount of RAM. Table 1-6. Operating System Support for View Transfer Server
Operating System Windows Server 2008 R2 Windows Server 2003 R2 Windows Server 2003 Version 64-bit 32-bit 32-bit Edition Standard Enterprise Standard Enterprise Standard Enterprise Service Pack N/A SP2 SP2 Minimum RAM 4GB 2GB 2GB
IMPORTANT Configure two virtual CPUs for virtual machines that host View Transfer Server.
Storage Requirements for View Transfer Server

View Transfer Server transfers static content to and from the Transfer Server repository and dynamic content between local desktops and remote desktops in the datacenter. View Transfer Server has specific storage requirements.
n
The disk drive on which you configure the Transfer Server repository must have enough space to store your static image files. Image files are View Composer base images. View Transfer Server must have access to the datastores that store the desktop disks to be transferred. The datastores must be accessible from the ESX host where the View Transfer Server virtual machine is running. The recommended maximum number of concurrent disk transfers that View Transfer Server can support is 20. During a transfer operation, a local desktop's virtual disk is mounted on View Transfer Server. The View Transfer Server virtual machine has four SCSI controllers. This configuration allows multiple disks to be attached to the virtual machine at one time.
Because local desktops can contain sensitive user data, make sure data is encrypted during its transit over the network. In View Administrator, you can configure data-transfer security options on each View Connection Server instance. To configure these options in View Administrator, click View Configuration > Servers, select a View Connection Server instance, and click Edit.
When View Transfer Server is added to View Manager, its Distributed Resource Scheduler (DRS) automation policy is set to Manual, which effectively disables DRS. To migrate a View Transfer Server instance to another ESX host or datastore, you must place the instance in maintenance mode before you begin the migration. When View Transfer Server is removed from View Manager, the DRS automation policy is reset to the value it had before View Transfer Server was added to View Manager.
VMware, Inc.
13
14
VMware, Inc.
System Requirements for Client Components
Systems running View client components must meet certain hardware and software requirements. View Client on Windows systems uses Microsoft Internet Explorer Internet settings, including proxy settings, when connecting to View Connection Server. Ensure that your Internet Explorer settings are accurate and that you can access the View Connection Server URL through Internet Explorer. You can use Internet Explorer 7 and 8. This chapter includes the following topics:
n n n n n n n
Supported Operating Systems for View Agent, on page 15 Supported Operating Systems for View Client and View Client with Local Mode, on page 16 Hardware Requirements for Local Mode Desktops, on page 16 Client Browser Requirements for View Portal, on page 18 Remote Display Protocol and Software Support, on page 18 Adobe Flash Requirements, on page 21 Smart Card Authentication Requirements, on page 21
Supported Operating Systems for View Agent

The View Agent component assists with session management, single sign-on, and device redirection. You must install View Agent on all virtual machines, physical systems, and terminal servers that will be managed by View Manager. Table 2-1 lists the operating systems supported for View Agent. Table 2-1. View Agent Operating System Support
Guest Operating System Windows 7 Windows Vista Windows XP Windows 2008 R2 Terminal Server Windows 2008 Terminal Server Version 64-bit and 32-bit 32-bit 32-bit 64-bit 64-bit Edition Enterprise and Professional Business and Enterprise Professional Standard Standard Service Pack N/A SP1 and SP2 SP3 N/A SP2
VMware, Inc.
15
Table 2-1. View Agent Operating System Support (Continued)

Guest Operating System Windows 2003 R2 Terminal Server Windows 2003 Terminal Server Version 32-bit 32-bit Edition Standard Standard Service Pack SP2 SP2
IMPORTANT If you use Windows 7 in a virtual machine, the host must be ESX/ESXi 4.0 Update 2 or later or ESX/ESXi 4.1 or later.
Supported Operating Systems for View Client and View Client with Local Mode
Users run View Client to connect to their View desktops. You must install View Client or View Client with Local Mode on a supported operating system. Table 2-2 lists the operating systems supported for View Client. Table 2-2. View Client Operating System Support
Operating System Windows 7 Windows XP Windows Vista Mac OS X Leopard 10.5 Mac OS X Snow Leopard 10.6 Version 32-bit and 64-bit 32-bit 32-bit N/A N/A Edition Home, Enterprise, Professional, and Ultimate Home and Professional Home, Business, Enterprise, and Ultimate N/A N/A Service Pack N/A SP3 SP1 and SP2 N/A N/A
IMPORTANT View Client with Local Mode is supported only on Windows systems and only on physical computers. In addition, to use this feature, your VMware license must include View Client with Local Mode. View Client with Local Mode is the fully supported feature that in earlier releases was an experimental feature called View Client with Offline Desktop. A Windows 7 or Windows Vista View desktop that is created on an ESX/ESXi 3.5 host cannot produce 3D and Windows Aero effects. This limitation applies even when the desktop is checked out for local use on a Windows 7 or Windows Vista client computer. Windows Aero and 3D effects are available only if the View desktop is created using vSphere 4.x. NOTE VMware partners offer thin client devices for VMware View deployments. The features and Linux operating systems that are available for each thin client device are determined by the vendor and model and the configuration that an enterprise chooses to use. For information about the vendors and models for thin client devices, see the Thin Client Compatibility Guide, available on the VMware Web site.
Hardware Requirements for Local Mode Desktops

When you check out a View desktop to run on your local computer, the hardware on the client computer must support both the local system and the virtual machine that now runs on it.
PC Hardware
Table 2-3 describes the hardware requirements for various View desktop operating systems.
16
VMware, Inc.
Chapter 2 System Requirements for Client Components
Table 2-3. Processor Requirements

Client Computer Requirement PC Number of CPUs CPU speed Description Standard x86 or x86 64-compatible Multiprocessor systems are supported For a Windows XP local desktop, 1.3GHz or faster; 1.6 GHz recommended For a Windows 7 desktop, 1.6GHz or faster; for Aero effects, 2.2GHz or faster Pentium 4, Pentium M (with PAE), Core, Core 2, Core i3, Core i5, and Core i7 processors For Windows 7 Aero: Intel Dual Core Athlon, Athlon MP, Athlon XP, Athlon 64, Athlon X2, Duron, Opteron, Turion X2, Turion 64, Sempron, Phenom, and Phenom II For Windows 7 Aero: Althon 4200+ and above Intel Pentium 4 and Core 2, and Core i7 processors with EM64T and Intel Virtualization Technology Most AMD64 processors (except the earliest revision C Opteron processors) nVidia GeForce 8800GT and above ATI Radeon HD 2600 and above
Intel processors
AMD processors
64-bit operating systems
GPU for Windows 7 Aero
Disk Space
If you use a default setup for the operating system in the View desktop, the actual disk space needs are approximately the same as those for installing and running the operating system and applications on a physical computer. For example, Microsoft recommends 16GB of hard disk space for a machine that runs a 32-bit Windows 7 operating system. If you configure a 16GB virtual hard disk for a 32-bit Windows 7 virtual machine, only the amount of disk space actually used is downloaded when you check out the local desktop. For a desktop that is allocated 16GB, the actual download size might be 7GB. After the desktop is downloaded, the amount of disk space used can grow to 16GB if you configured a 16GB hard disk. Because a snapshot is taken during replication, an additional equivalent amount of disk space is required. For example, if 7GB of disk space is currently being used for the local desktop, the snapshot consumes an additional 7GB on the client computer. IDE and SCSI hard drives are supported.
Memory
You need enough memory to run the host operating system on the client computer, plus the memory required for the View desktop's operating system and for applications on the client computer and the View desktop. VMware recommends that you have 2GB and above for Windows XP and Windows Vista, and 3GB and above for Windows 7. For more information on memory requirements, see your guest operating system and application documentation. The total amount of memory you can assign to all virtual machines running on a single computer is limited only by the amount of RAM on the computer. The maximum amount of memory for each View desktop on 32-bit client computers is 8GB and on 64-bit computers it is 32GB.
VMware, Inc.
17
Display
A 32-bit display adapter is recommended. 3D benchmarks, such as 3DMark '06, might not render correctly or at all when running Windows Vista or Windows 7 virtual machines on some graphics hardware. To play video at 720p or higher requires a multiprocessor system. For CPU and GPU requirements to support Windows 7 Aero, see the table in PC Hardware, on page 16.
Client Browser Requirements for View Portal

From a client system, you can browse to a View Connection Server instance and use View Portal to install a Mac-based View Client, a Windows-based View Client, or View Client with Local Mode. If you use Internet Explorer, View Portal indicates when a new version of View Client is available for download. To use View Portal, you must have one of the following Web browsers:
n n n n
Internet Explorer 7 Internet Explorer 8 Firefox 3.0 Firefox 3.5
If you use Internet Explorer and you already have View Client installed, if the version available from View Connection Server is newer than that installed on the client device, you can choose to upgrade. If the version is the same as that on the client device, View Portal starts the View Client installed on the local system. NOTE View Portal does not support Linux. A native client for Linux is available only through certified VMware partners.
Remote Display Protocol and Software Support

Remote display protocols and software provide access to the desktops of remote computers over a network connection. View Client supports the Microsoft Remote Desktop Protocol (RDP), PCoIP from VMware, and Hewlett-Packard Remote Graphics Software (RGS) display protocols.
n
VMware View with PCoIP on page 19 PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
Microsoft RDP on page 20 Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data. RDP is a multichannel protocol that allows a user to connect to a computer remotely.
HP RGS Software on page 20 View Client supports connections to desktops using HP RGS when connecting to HP Blade PCs, HP Workstations, and HP Blade Workstations. VMware does not bundle or license HP RGS with View. You must contact HP to license a copy of HP RGS version 5.2.5 to use with View.
Multimedia Redirection (MMR) on page 21 Multimedia redirection (MMR) delivers the multimedia stream directly to client computers by using a virtual channel.
18
VMware, Inc.
VMware View with PCoIP

PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions. PCoIP is supported as the display protocol for View desktops with virtual machines and with physical machines that contain Teradici host cards.
PCoIP Features
Key features of PCoIP include the following:
n
For users outside the corporate firewall, you can use this protocol with your company's virtual private network or with View security servers. Connections to Windows desktops with the View Agent operating system versions listed in Supported Operating Systems for View Agent, on page 15 are supported. Connections from Windows clients with the View Client operating system versions listed in Supported Operating Systems for View Client and View Client with Local Mode, on page 16 are supported. MMR redirection is supported for Windows XP and Vista clients. MMR redirection is not supported for Windows 7 View Clients and is not supported on Windows 7 View desktops. USB redirection is supported. Audio redirection with dynamic audio quality adjustment for LAN and WAN is supported. Multiple monitors are supported. You can use up to four monitors and adjust the resolution for each monitor separately, with a resolution of up to 2560x1600 per display. Pivot display and autofit are also supported. 32-bit color is supported for virtual displays. ClearType fonts are supported. Text copy and paste between the local system and the desktop is supported, up to 64 kilobytes. You cannot copy and paste system objects such as folders and files between systems.
n n n
n n n
Video Quality
480p-formatted video You can play video at 480p or lower at native resolutions when the View desktop has a single virtual CPU. If the operating system is Windows 7 and you want to play the video in high-definition Flash or in full screen mode, the desktop requires a dual virtual CPU. You can play video at 720p at native resolutions if the View desktop has a dual virtual CPU. Performance might be affected if you play videos at 720p in high definition or in full screen mode. If the View desktop has a dual virtual CPU, you can play 1080p formatted video, although the media player might need to be adjusted to a smaller window size.
720p-formatted video
1080p-formatted video
VMware, Inc.
19
Recommended Guest Operating System Settings

Recommended guest operating system settings include the following settings:
n n
For Windows XP desktops: 768MB RAM or more and a single CPU For Windows 7 desktops: 1GB of RAM and a dual CPU
Client Hardware Requirements

Client hardware requirements include the following:
n n n
800MHz or higher processor speed. x86-based processor with SSE2 extensions. See the VMware View Architecture Planning document for information about RAM sizing for specific monitor configurations.
Microsoft RDP
Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data. RDP is a multichannel protocol that allows a user to connect to a computer remotely. Following are RDP-related requirements and considerations for different Windows operating systems and features.
n n n n n
For Windows XP and Windows XP Embedded systems, you should use Microsoft RDC 6.x. Windows Vista comes with RDC 6.x installed. Windows 2000 supports RDC 5.0. It does not support RDC 6.x. You must have RDC 6.0 or later to use multiple monitors. For Windows XP desktop virtual machines, you must install the RDP patches listed in Microsoft Knowledge Base (KB) articles 323497 and 884020. If you do not install the RDP patches, a Windows Sockets failed error message might appear on the client. The View Agent installer configures the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system, which is typically 3389. If you change the RDP port number, you must change the associated firewall rules.
You can download RDC 6.1 from the Microsoft Web site.
HP RGS Software
View Client supports connections to desktops using HP RGS when connecting to HP Blade PCs, HP Workstations, and HP Blade Workstations. VMware does not bundle or license HP RGS with View. You must contact HP to license a copy of HP RGS version 5.2.5 to use with View. HP RGS consists of a server-side component, called RGS Sender, and a client-side component, the RGS Receiver. Before you can configure View to use HP RGS, you must install HP RGS Sender in the remote desktop operating system and install HP RGS Receiver in the desktop. Do not install RGS USB on either the sender or receiver. You must add the RGS Sender application or port as an exception to any firewall software. The default RGS port is 42966. See the HP RGS documentation on the HP Web site for information on installing and configuring HP RGS components.
20
VMware, Inc.
HP RGS has the following limitations:

n n n n n n n
Connections to virtual machines are not supported. Vista desktops are not supported. Tunnel connections are not supported. Only direct connections are supported. Smart cards are not supported. Multiple monitors are not supported. View Portal does not support RGS connections. Linux thin clients do not support RGS connections.
Multimedia Redirection (MMR)

Multimedia redirection (MMR) delivers the multimedia stream directly to client computers by using a virtual channel. View Client and View Client with Local Mode support MMR on the following operating systems:
n n n
Windows XP Windows XP Embedded Windows Vista
The MMR feature supports the media file formats that the client system supports, since local decoders must exist on the client. File formats include MPEG2, WMV, AVI, and WAV, among others. For best quality, use Windows Media Player 10 or later, and install it on both the local computer, or client access device, and the View desktop. You must add the MMR port as an exception to your firewall software. The default port for MMR is 9427. NOTE The View Client video display hardware must have overlay support for MMR to work correctly.
Adobe Flash Requirements

You can reduce the amount of bandwidth used by Adobe Flash content that runs in View desktop sessions. This reduction can improve the overall browsing experience and make other applications running in the desktop more responsive. Adobe Flash bandwidth reduction is available for Internet Explorer sessions on Microsoft Windows only, and for Adobe Flash versions 9 and 10 only. To make use of Adobe Flash bandwidth reduction settings, Adobe Flash must not be running in full screen mode.
Smart Card Authentication Requirements

Client systems that use a smart card for user authentication must meet certain requirements. Each client system that uses a smart card for user authentication must have the following software and hardware:
n n n n
View Client A Windows-compatible smart card reader Smart card middleware Product-specific application drivers
You must also install product-specific application drivers on the View desktops.
VMware, Inc.
21
View supports smart cards and smart card readers that use a PKCS#11 or Microsoft CryptoAPI provider. You can optionally install the ActivIdentity ActivClient software suite, which provides tools for interacting with smart cards. Users that authenticate with smart cards must have a smart card or USB smart card token, and each smart card must contain a user certificate. To install certificates on a smart card, you must set up a computer to act as an enrollment station. This computer must have the authority to issue smart cards for users, and it must be a member of the domain you are issuing certificates for. IMPORTANT When you enroll a smart card, you can choose the key size of the resulting certificate. To use smart cards with local desktops, you must select a 1024-bit or 2048-bit key size during smart card enrollment. Certificates with 512-bit keys are not supported. The Microsoft TechNet Web site includes detailed information on planning and implementing smart card authentication for Windows systems. See Prepare Active Directory for Smart Card Authentication, on page 26 for information on tasks you might need to perform in Active Directory when you implement smart card authentication with View. Smart card authentication is not supported by View Client for Mac or View Administrator. See the VMware View Architecture Planning document for complete information on smart card support.
22
VMware, Inc.
Preparing Active Directory
View uses your existing Microsoft Active Directory infrastructure for user authentication and management. You must perform certain tasks to prepare Active Directory for use with View. View supports the following versions of Active Directory:
n n n
Windows 2000 Active Directory Windows 2003 Active Directory Windows 2008 Active Directory
This chapter includes the following topics:

n n n n n n n n n
Configuring Domains and Trust Relationships, on page 23 Creating an OU for View Desktops, on page 24 Creating OUs and Groups for Kiosk Mode Client Accounts, on page 24 Creating Groups for View Users, on page 24 Creating a User Account for vCenter Server, on page 24 Create a User Account for View Composer, on page 25 Configure the Restricted Groups Policy, on page 25 Using View Group Policy Administrative Template Files, on page 26 Prepare Active Directory for Smart Card Authentication, on page 26
Configuring Domains and Trust Relationships

You must join each View Connection Server host to an Active Directory domain. The host must not be a domain controller. You place View desktops in the same domain as the View Connection Server host or in a domain that has a two-way trust relationship with the View Connection Server host's domain. You can entitle users and groups in the View Connection host's domain to View desktops and pools. You can also select users and groups from the View Connection Server host's domain to be administrators in View Administrator. To entitle or select users and groups from a different domain, you must establish a two-way trust relationship between that domain and the View Connection Server host's domain. Users are authenticated against Active Directory for the View Connection Server host's domain and against any additional user domains with which a trust agreement exists. NOTE Because security servers do not access any authentication repositories, including Active Directory, they do not need to reside in an Active Directory domain.
VMware, Inc.
23
Trust Relationships and Domain Filtering

To determine which domains it can access, a View Connection Server instance traverses trust relationships beginning with its own domain. For a small, well-connected set of domains, View Connection Server can quickly determine the full list of domains, but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases. The list might also include domains that you would prefer not to offer to users when they log in to their View desktops. You can use the vdmadmin command to configure domain filtering to limit the domains that a View Connection Server instance searches and that it displays to users. See the VMware View Administration document for more information.
Creating an OU for View Desktops

You should create an organizational unit (OU) specifically for your View desktops. An OU is a subdivision in Active Directory that contains users, groups, computers, or other OUs. To prevent group policy settings from being applied to other Windows servers or workstations in the same domain as your desktops, you can create a GPO for your View group policies and link it to the OU that contains your View desktops. You can also delegate control of the OU to subordinate groups, such as server operators or individual users. If you use View Composer, you should create a separate Active Directory container for linked-clone desktops that is based on the OU for your View desktops. View administrators that have OU administrator privileges in Active Directory can provision linked-clone desktops without domain administrator privileges. If you change administrator credentials in Active Directory, you must also update the credential information in View Composer.
Creating OUs and Groups for Kiosk Mode Client Accounts

A client in kiosk mode is a thin client or a lock-down PC that runs View Client to connect to a View Connection Server instance and launch a remote desktop session. If you configure clients in kiosk mode, you should create dedicated OUs and groups in Active Directory for kiosk mode client accounts. Creating dedicated OUs and groups for kiosk mode client accounts partitions client systems against unwarranted intrusion and simplifies client configuration and administration. See the VMware View Administration document for more information.
Creating Groups for View Users

You should create groups for different types of View users in Active Directory. For example, you can create a group called VMware View Users for your View desktop users and another group called VMware View Administrators for users that will administer View desktops.
Creating a User Account for vCenter Server

You must create a user account in Active Directory to use with vCenter Server. You specify this user account when you add a vCenter Server instance in View Administrator. The user account must be in the same domain as your View Connection Server host or in a trusted domain. If you use View Composer, you must add the user account to the local Administrators group on the vCenter Server computer.
24
VMware, Inc.
Chapter 3 Preparing Active Directory
You must give the user account privileges to perform certain operations in vCenter Server. If you use View Composer, you must give the user account additional privileges. See Configuring User Accounts for vCenter Server and View Composer, on page 53 for information on configuring these privileges.
Create a User Account for View Composer

If you use View Composer, you must create a user account in Active Directory to use with View Composer. View Composer requires this account to join linked-clone desktops to your Active Directory domain. To ensure security, you should create a separate user account to use with View Composer. By creating a separate account, you can guarantee that it does not have additional privileges that are defined for another purpose. You can give the account the minimum privileges that it needs to create and remove computer objects in a specified Active Directory container. For example, the View Composer account does not require domain administrator privileges. Procedure 1 2 In Active Directory, create a user account in the same domain as your View Connection Server host or in a trusted domain. Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account in the Active Directory container in which the linked-clone computer accounts are created or to which the linked-clone computer accounts are moved. The following list shows all the required permissions for the user account, including permissions that are assigned by default:
n n n n n n
List Contents Read All Properties Write All Properties Read Permissions Create Computer Objects Delete Computer Objects
Make sure that the user account's permissions apply to the Active Directory container and to all child objects of the container.
What to do next Specify the account in View Administrator when you configure View Composer for vCenter Server and when you configure and deploy linked-clone desktop pools.
Configure the Restricted Groups Policy

To be able to log in to a View desktop, users must belong to the local Remote Desktop Users group of the View desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every View desktop that is joined to your domain. The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list settings defined in the Restricted Groups policy. The members of your View desktop users group are always added to the local Remote Desktop Users group of every View desktop that is joined to your domain. When adding new users, you need only add them to your View desktop users group. Prerequisites Create a group for View desktop users in your domain in Active Directory.
VMware, Inc.
25
Procedure 1 2 3 4 5 6 7 8 On your Active Directory server, select Start > Administrative Tools > Active Directory Users and Computers. Right-click your domain and select Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. Right-click Default Domain Policy and click Edit. Expand the Computer Configuration section and open Windows Settings\Security Settings. Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group. Right-click the new restricted Remote Desktop Users group and add your View desktop users group to the group membership list. Click OK to save your changes.
Using View Group Policy Administrative Template Files

View includes several component-specific group policy administrative (ADM) template files.
install_directory\VMware\VMware View\Server\Extras\GroupPolicyFiles directory on your View
During View Connection Server installation, the View ADM template files are installed in the
Connection Server host. You must copy these files to a directory on your Active Directory server. You can optimize and secure View desktops by adding the policy settings in these files to a new or existing GPO in Active Directory and then linking that GPO to the OU that contains your View desktops. See the VMware View Administration document for information on using View group policy settings.
Prepare Active Directory for Smart Card Authentication

You might need to perform certain tasks in Active Directory when you implement smart card authentication.
n
Add UPNs for Smart Card Users on page 27 Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN.
Add the Root Certificate to Trusted Root Certification Authorities on page 27 If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.
Add an Intermediate Certificate to Intermediate Certification Authorities on page 28 If you use an intermediate certification authority (CA) to issue smart card login or domain controller certificates, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory.
Add the Root Certificate to the Enterprise NTAuth Store on page 28 If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.
26
VMware, Inc.
Chapter 3 Preparing Active Directory
Add UPNs for Smart Card Users

Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN. If the domain a smart card user resides in is different from the domain that your root certificate was issued from, you must set the users UPN to the Subject Alternative Name (SAN) contained in the root certificate of the trusted CA. If your root certificate was issued from a server in the smart card user's current domain, you do not need to modify the user's UPN. NOTE You might need to set the UPN for built-in Active Directory accounts, even if the certificate is issued from the same domain. Built-in accounts, including Administrator, do not have a UPN set by default. Prerequisites
n n
Obtain the SAN contained in the root certificate of the trusted CA by viewing the certificate properties. If the ADSI Edit utility is not present on your Active Directory server, download the Windows Support Tools from the Microsoft Web site.
Procedure 1 2 3 4 5 On your Active Directory server, start the ADSI Edit utility. In the left pane, expand the domain the user is located in and double-click CN=Users. In the right pane, right-click the user and then click Properties. Double-click the userPrincipalName attribute and type the SAN value of the trusted CA certificate. Click OK to save the attribute setting.
Add the Root Certificate to Trusted Root Certification Authorities

If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Procedure 1 2 3 4 5 6 7 8 On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory Users and Computers. Right-click your domain and click Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. Right-click Default Domain Policy and click Edit. Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA.cer) and click OK. Close the Group Policy window.
All of the systems in the domain now have a copy of the root certificate in their trusted root store.
VMware, Inc.
27
What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See Add an Intermediate Certificate to Intermediate Certification Authorities, on page 28.
Add an Intermediate Certificate to Intermediate Certification Authorities

If you use an intermediate certification authority (CA) to issue smart card login or domain controller certificates, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. Procedure 1 2 3 4 5 6 7 8 On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory Users and Computers. Right-click your domain and click Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. Right-click Default Domain Policy, and click Edit. Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Intermediate Certification Authorities and select Import. Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK. Close the Group Policy window.
All of the systems in the domain now have a copy of the intermediate certificate in their intermediate certification authority store.
Add the Root Certificate to the Enterprise NTAuth Store

If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Procedure
u
On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store. For example: certutil -dspublish -f path_to_root_CA_cert NTAuthCA
The CA is now trusted to issue certificates of this type.
28
VMware, Inc.
Installing View Composer
To use View Composer, you create a View Composer database, install the View Composer service on the vCenter Server computer, and optimize your View infrastructure to support View Composer. View Composer is an optional feature. Install View Composer if you intend to deploy linked-clone desktop pools. You must have a license to install and use the View Composer feature. This chapter includes the following topics:
n n n
Prepare a View Composer Database, on page 29 Install the View Composer Service, on page 36 Configuring Your Infrastructure for View Composer, on page 38
Prepare a View Composer Database

You must create a database and data source name (DSN) to store View Composer data. The View Composer service does not include a database. If a database instance does not exist on the vCenter Server computer or in your network environment, you must install one. After you install a database instance, you add the View Composer database to the instance. You can add the View Composer database to the instance on which the vCenter Server database is located. You can configure the database locally, on the same Windows Server computer as vCenter Server, or remotely, on a network-connected Linux, UNIX, or Windows Server computer. The View Composer database stores information about connections and components that are used by View Composer:
n n n n
vCenter Server connections Active Directory connections Linked-clone desktops that are deployed by View Composer Replicas that are created by View Composer
Each instance of the View Composer service must have its own View Composer database. Multiple View Composer services cannot share a View Composer database. For a list of supported database versions, see Database Requirements for View Composer, on page 10. To add a View Composer database to an installed database instance, choose one of these procedures.
VMware, Inc.
29
Create a SQL Server Database for View Composer on page 30 View Composer can store linked-clone desktop information in a SQL Server database. You create a View Composer database by adding it to SQL Server and configuring an ODBC data source for it.
Create an Oracle Database for View Composer on page 32 View Composer can store linked-clone desktop information in an Oracle 11g, 10g, or 9i database. You create a View Composer database by adding it to an existing Oracle instance and configuring an ODBC data source for it. You can add a new View Composer database by using the Oracle Database Configuration Assistant or by running a SQL statement.
Create a SQL Server Database for View Composer

View Composer can store linked-clone desktop information in a SQL Server database. You create a View Composer database by adding it to SQL Server and configuring an ODBC data source for it.
Add a View Composer Database to SQL Server

You can add a new View Composer database to an existing Microsoft SQL Server instance to store linked-clone data for View Composer. If the database resides on the same system as vCenter Server, you can use the Integrated Windows Authentication security model. If the database resides on a remote system, you cannot use this method of authentication. Prerequisites
n
Verify that a supported version of SQL Server is installed on the vCenter Server computer or in your network environment. For details, see Database Requirements for View Composer, on page 10. Verify that you use SQL Server Management Studio or SQL Server Management Studio Express to create and administer the data source. You can download and install SQL Server Management Studio Express from the following Web site. http://www.microsoft.com/downloadS/details.aspx? familyid=C243A5AE-4BD1-4E3D-94B8-5A0F62BF7796
Procedure 1 2 3 4 On the vCenter Server computer, select Start > All Programs > Microsoft SQL Server 2008 or Microsoft SQL Server 2005. Select SQL Server Management Studio Express and connect to the existing SQL Server instance for vSphere Management. In the Object Explorer panel, right-click the Databases entry and select New Database. In the New Database dialog box, type a name in the Database name text box. For example: viewComposer 5 Click OK. SQL Server Management Studio Express adds your database to the Databases entry in the Object Explorer panel. 6 Exit Microsoft SQL Server Management Studio Express.
What to do next Follow the instructions in Add an ODBC Data Source to SQL Server, on page 31.
30
VMware, Inc.
Chapter 4 Installing View Composer
Add an ODBC Data Source to SQL Server

After you add a View Composer database to SQL Server, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service. These instructions assume that you are configuring the ODBC data source on Windows Server 2003 SP2. Prerequisites Complete the steps described in Add a View Composer Database to SQL Server, on page 30. Procedure 1 2 3 4 5 On the vCenter Server computer, select Start > Administrative Tools > Data Source (ODBC). Select the System DSN tab. Click Add and select SQL Native Client from the list. Click Finish. In the Create a New Data Source to SQL Server setup wizard, type a name and description of the View Composer database. For example: ViewComposer 6 In the Server text box, type the SQL Server database name. Use the form host_name\server_name, where host_name is the name of the computer and server_name is the SQL Server instance. For example: VCHOST1\SQLEXP_VIM 7 8 Click Next. Make sure that the Connect to SQL Server to obtain default settings for the additional configuration options check box is selected and select an authentication option.
Option Windows NT authentication Description Select this option if you are using a local instance of SQL Server. This option is also known as trusted authentication. Windows NT authentication is supported only if SQL Server is running on the vCenter Server computer. Select this option if you are using a remote instance of SQL Server. Windows NT authentication is not supported on remote SQL Server.
SQL Server authentication
9 10
Click Next. Select the Change the default database to check box and select the name of the View Composer database from the list. For example: ViewComposer
11
Finish and close the Microsoft ODBC Data Source Administrator wizard.
What to do next Install the new View Composer service on the vCenter Server computer. See Install the View Composer Service, on page 36.
VMware, Inc.
31
Create an Oracle Database for View Composer

View Composer can store linked-clone desktop information in an Oracle 11g, 10g, or 9i database. You create a View Composer database by adding it to an existing Oracle instance and configuring an ODBC data source for it. You can add a new View Composer database by using the Oracle Database Configuration Assistant or by running a SQL statement.
n
Add a View Composer Database to Oracle 11g or 10g on page 32 You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 11g or 10g instance.
Add a View Composer Database to Oracle 9i on page 33 You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 9i instance.
Use a SQL Statement to Add a View Composer Database to an Oracle Instance on page 34 The View Composer database must have certain table spaces and privileges. You can use a SQL statement to create the View Composer database in an Oracle 11g, 10g, or 9i database instance.
Configure an Oracle Database User for View Composer on page 34 By default, the database user that runs the View Composer database has Oracle system administrator permissions. To restrict the security permissions for the user that runs the View Composer database, you must configure an Oracle database user with specific permissions.
Add an ODBC Data Source to Oracle 11g or 10g on page 35 After you add a View Composer database to an Oracle 11g or 10g instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service.
Add an ODBC Data Source to Oracle 9i on page 36 After you add a View Composer database to an Oracle 9i instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service.
Add a View Composer Database to Oracle 11g or 10g

You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 11g or 10g instance. Prerequisites Verify that a supported version of Oracle 11g or 10g is installed on the vCenter Server computer. See Database Requirements for View Composer, on page 10. Procedure 1 On the vCenter Server computer, start the Database Configuration Assistant.
Database Version Oracle 11g Oracle 10g Action Select Start > All Programs > Oracle-OraDb11g_home > Configuration and Migration Tools > Database Configuration Assistant. Select Start > All Programs > Oracle-OraDb10g_home > Configuration and Migration Tools > Database Configuration Assistant.
2 3
On the Operations page, select Create a database. On the Database Templates page, select the General Purpose or Transaction Processing template.
32
VMware, Inc.
On the Database Identification page, type a Global Database Name and an Oracle System Identifier (SID) prefix. For simplicity, use the same value for both items.
5 6 7 8 9
On the Management Options page, click Next to accept the default settings. On the Database Credentials page, select Use the Same Administrative Passwords for All Accounts and type a password. On the remaining configuration pages, click Next to accept the default settings. On the Creation Options page, verify that Create Database is selected and click Finish. On the Confirmation page, review the options and click OK. The configuration tool creates the database.
10
On the Database Creation Complete page, click OK.
What to do next Follow the instructions in Add an ODBC Data Source to Oracle 11g or 10g, on page 35.
Add a View Composer Database to Oracle 9i

You can use the Oracle Database Configuration Assistant to add a new View Composer database to an existing Oracle 9i instance. Prerequisites Verify that a supported version of Oracle 9i is installed on the vCenter Server computer. See Database Requirements for View Composer, on page 10. Procedure 1 2 3 4 On the vCenter Server computer, select Start > All Programs > Oracle-OraHome92 > Configuration and Migration Tools > Database Configuration Assistant. On the Operations page, select Create a database. On the Database Templates page, select the General Purpose template. On the Database Identification page, type a Global Database Name and an Oracle System Identifier (SID) prefix. For simplicity, use the same value for both items. 5 6 7 8 On the Database Connection Options page, select Dedicated Server Mode. On the remaining configuration pages, click Next to accept the default settings. On the Creation Options page, verify that Create Database is selected and click Finish. On the Summary page, review the options and click OK. The configuration tool creates the database. 9 Set passwords for the SYS and SYSTEM administrator accounts. You use the SYSTEM account to set up the data-source connection. What to do next Follow the instructions in Add an ODBC Data Source to Oracle 9i, on page 36.
VMware, Inc.
33
Use a SQL Statement to Add a View Composer Database to an Oracle Instance

The View Composer database must have certain table spaces and privileges. You can use a SQL statement to create the View Composer database in an Oracle 11g, 10g, or 9i database instance. When you create the database, you can customize the location of the data and log files. Prerequisites Verify that a supported version of Oracle 11g or 10g is installed on the vCenter Server computer. For details, see Database Requirements for View Composer, on page 10. Procedure 1 2 Log in to a SQL*Plus session with the system account. Run the following SQL statement to create the database.
CREATE SMALLFILE TABLESPACE "VCMP" DATAFILE '/u01/app/oracle/oradata/vcdb/vcmp01.dbf' SIZE 512M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
In this example, VCMP is the sample name of the View Composer database and vcmp01.dbf is the name of the database file. For a Windows installation, use Windows conventions in the directory path to the vcmp01.dbf file. What to do next If you want to run the View Composer database with specific security permissions, follow the instructions in Configure an Oracle Database User for View Composer, on page 34. For Oracle 11g or 10g, follow the instructions in Add an ODBC Data Source to Oracle 11g or 10g, on page 35 For Oracle 9i, follow the instructions in Add an ODBC Data Source to Oracle 9i, on page 36
Configure an Oracle Database User for View Composer

By default, the database user that runs the View Composer database has Oracle system administrator permissions. To restrict the security permissions for the user that runs the View Composer database, you must configure an Oracle database user with specific permissions. Prerequisites Verify that a View Composer database was created in an Oracle 11g, 10g, or 9i instance.
34
VMware, Inc.
Procedure 1 2 Log in to a SQL*Plus session with the system account. Run the following SQL command to create a View Composer database user with the correct permissions.
CREATE USER "VCMPADMIN" PROFILE "DEFAULT" IDENTIFIED BY "oracle" DEFAULT TABLESPACE "VCMP" ACCOUNT UNLOCK; grant connect to VCMPADMIN; grant resource to VCMPADMIN; grant create view to VCMPADMIN; grant create sequence to VCMPADMIN; grant create table to VCMPADMIN; grant create materialized view to VCMPADMIN; grant execute on dbms_lock to VCMPADMIN; grant execute on dbms_job to VCMPADMIN; grant unlimited tablespace to VCMPADMIN;
In this example, the user name is VCMPADMIN and the View Composer database name is VCMP. By default the resource role has the create procedure, create table, and create sequence privileges assigned. If the resource role does not have these privileges, explicitly grant them to the View Composer database user.
Add an ODBC Data Source to Oracle 11g or 10g

After you add a View Composer database to an Oracle 11g or 10g instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service. These instructions assume that you are configuring the ODBC data source on Windows Server 2003 SP2. Prerequisites Verify that you completed the steps described in Add a View Composer Database to Oracle 11g or 10g, on page 32 or Use a SQL Statement to Add a View Composer Database to an Oracle Instance, on page 34. Procedure 1 2 3 On the vCenter Server computer, select Start > Administrative Tools > Data Source (ODBC). From the Microsoft ODBC Data Source Administrator wizard, select the System DSN tab. Click Add and select the appropriate Oracle driver from the list. For example: OraDb11g_home 4 5 Click Finish. In the Oracle ODBC Driver Configuration dialog box, type a DSN to use with View Composer, a description of the data source, and a user ID to connect to the database. If you configured an Oracle database user ID with specific security permissions, specify this user ID. NOTE You use the DSN when you install the View Composer service. 6 Specify a TNS Service Name by selecting the Global Database Name from the drop-down menu. The Oracle Database Configuration Assistant specifies the Global Database Name. 7 To verify the data source, click Test Connection and click OK.
VMware, Inc.
35
Add an ODBC Data Source to Oracle 9i

After you add a View Composer database to an Oracle 9i instance, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service. These instructions assume that you are configuring the ODBC data source on Windows Server 2003 SP2. Prerequisites Verify that you completed the steps described in Add a View Composer Database to Oracle 9i, on page 33 or Use a SQL Statement to Add a View Composer Database to an Oracle Instance, on page 34. Procedure 1 2 3 On the vCenter Server computer, select Start > Administrative Tools > Data Source (ODBC). From the Microsoft ODBC Data Source Administrator wizard, select the System DSN tab. Click Add and select the appropriate Oracle driver from the list. For example: Oracle in OraHome92 4 5 Click Finish. In the Oracle ODBC Driver Configuration dialog box, type a DSN to use with View Composer, a description of the data source, and a user ID to connect to the database. If you configured an Oracle database user ID with specific security permissions, specify this user ID. NOTE You use the DSN when you install the View Composer service. 6 Specify a TNS Service Name by selecting the Global Database Name from the drop-down menu. The Oracle Database Configuration Assistant specifies the Global Database Name. 7 To verify the data source, click Test Connection and click OK.
Install the View Composer Service

To use View Composer, you must install the View Composer service on the vCenter Server computer. View Manager uses View Composer to create and deploy linked-clone desktops in vCenter Server. You install the View Composer service on the Windows Server computer on which vCenter Server is installed. Prerequisites
n
Verify that your installation satisfies the View Composer requirements described in View Composer Requirements, on page 9. Verify that you have a license to install and use View Composer. In vCenter Server, create a resource pool on the ESX host or cluster on which you want to store linkedclone desktops.
n n
36
VMware, Inc.
If Windows firewall is running on the vCenter Server computer, make sure that the port the View Composer service uses to communicate with View Connection Server is accessible. You can add this port to the exception list or deactivate the local firewall service. You specify this port when you install the View Composer service. Verify that you have the DSN, domain administrator user name, and password that you provided in the ODBC Data Source Administrator wizard. You enter this information when you install the View Composer service.
Procedure 1 Download the VMware View Composer installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer on which vCenter Server is installed. The installer filename is VMware-viewcomposer-xxxxxx.exe, where xxxxxx is the build number. This installer file installs the View Composer service on 64-bit and 32-bit Windows Server operating systems. 2 To start the View Composer installation program, double-click the installer file. On Windows Server 2008 computers, you might have to right-click the installer file and select Run As Administrator. 3 4 5 Accept the VMware license terms. Accept or change the destination folder. Type the DSN for the View Composer database that you provided in the Microsoft or Oracle ODBC Data Source Administrator wizard. For example: VMware View Composer NOTE If you did not configure a DSN for the View Composer database, click ODBC DSN Setup to configure a name now. 6 Type the domain administrator user name and password that you provided in the ODBC Data Source Administrator wizard. If you configured an Oracle database user with specific security permissions, specify this user name. 7 Type a port number or accept the default value. View Connection Server uses this port to communicate with the View Composer service. 8 Provide an SSL certificate.
Option Create default SSL certificate Use an existing SSL certificate Action Click this radio button to create a default SSL certificate for the View Composer service. Click this radio button if you have an SSL certificate you want to use for the View Composer service. Select an SSL certificate from the list.
Click Install and Finish to complete the View Composer service installation.
The VMware View Composer service starts on the vCenter Server computer.
VMware, Inc.
37
Configuring Your Infrastructure for View Composer

You can take advantage of features in vSphere, vCenter Server, Active Directory, and other components of your infrastructure to optimize the performance, availability, and reliability of View Composer.
Configuring the vSphere Environment for View Composer

To support View Composer, you should follow certain best practices when you install and configure vCenter Server, ESX, and other vSphere components. These best practices let View Composer work efficiently in the vSphere environment.
n
After you create the path and folder information for linked-clone virtual machines, do not change the information in vCenter Server. Instead, use View Administrator to change the folder information. If you change this information in vCenter Server, View Manager cannot successfully look up the virtual machines in vCenter Server.
Make sure that the vSwitch settings on the ESX host are configured with enough ports to support the total number of virtual NICs that are configured on the linked-clone virtual machines that run on the ESX host. When you deploy linked-clone desktops in a resource pool, make sure that your vSphere environment has enough CPU and memory to host the number of desktops that you require. Use vSphere Client to monitor CPU and memory usage in resource pools. A cluster that is used for View Composer linked clones can contain at most eight ESX hosts. In a large View Composer environment, you might have to configure many eight-host clusters. Use vSphere DRS. DRS efficiently distributes linked-clone virtual machines among your hosts. NOTE Storage vMotion is not supported for linked-clone desktops.
Additional Best Practices for View Composer

To make sure that View Composer works efficiently, check that your dynamic name service (DNS) operates correctly, and run antivirus software scans at staggered times. By making sure that DNS resolution operates correctly, you can overcome intermittent issues caused by DNS errors. The View Composer service relies on dynamic name resolution to communicate with other computers. To test DNS operation, ping the Active Directory and View Connection Server computers by name. If you stagger the run times for your antivirus software, performance of the linked-clone desktops is not affected. If the antivirus software runs in all linked clones at the same time, excessive I/O operations per second (IOPS) occur in your storage subsystem. This excessive activity can affect performance of the linked-clone desktops.
38
VMware, Inc.
Installing View Connection Server
To use View Connection Server, you install the software on supported computers, configure the required components, and, optionally, optimize the components. This chapter includes the following topics:
n n n n n
Installing the View Connection Server Software, on page 39 Configuring User Accounts for vCenter Server and View Composer, on page 53 Configuring View Connection Server for the First Time, on page 56 Configuring View Client Connections, on page 60 Sizing Windows Server Settings to Support Your Deployment, on page 63
Installing the View Connection Server Software

Depending on the performance, availability, and security needs of your View deployment, you can install a single instance of View Connection Server, replicated instances of View Connection Server, and security servers. You must install at least one instance of View Connection Server. When you install View Connection Server, you select a type of installation. Standard installation Replica installation Security server installation Generates a View Connection Server instance with a new View LDAP configuration. Generates a View Connection Server instance with a View LDAP configuration that is copied from an existing instance. Generates a View Connection Server instance that adds an additional layer of security between the Internet and your internal network.
Installation Prerequisites for View Connection Server

Before you install View Connection Server, you must verify that your installation environment satisfies specific prerequisites. View Connection Server requires a valid license key for View Manager. The following license keys are available:
n n
View Manager View Manager with View Composer and Local Mode
VMware, Inc.
39
You must join the View Connection Server host to an Active Directory domain. View Connection Server supports the following versions of Active Directory:
n n n
Windows 2000 Active Directory Windows 2003 Active Directory Windows 2008 Active Directory
The View Connection Server host must not be a domain controller. NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory. Do not install View Connection Server on systems that have the Windows Terminal Server role installed. You must remove the Windows Terminal Server role from any system on which you install View Connection Server. Do not install View Connection Server on a system that performs any other functions or roles. For example, do not use the same system to host vCenter Server. The system on which you install View Connection Server must have a static IP address. To install View Connection Server, you must use a domain user account with administrator privileges on the system.
Install View Connection Server with a New Configuration

To install View Connection Server as a single server or as the first instance in a group of replicated View Connection Server instances, you use the standard installation option. When you select the standard installation option, the installation creates a new, local View LDAP configuration. The installation loads the schema definitions, Directory Information Tree (DIT) definition, and ACLs and initializes the data. After installation, you manage most View LDAP configuration data by using View Administrator. View Connection Server automatically maintains some View LDAP entries. Prerequisites
n
Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you install View Connection Server. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder.
40
VMware, Inc.
Chapter 5 Installing View Connection Server
5 6 7
Select the View Standard Server installation option. Accept the Microsoft Software Supplemental License Agreement for Microsoft Active Directory Application Mode (ADAM). If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service.
Option Configure Windows Firewall automatically Do not configure Windows Firewall Action Let the installer configure Windows Firewall to allow the required network connections. Configure the Windows firewall rules manually.
If you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 8 Complete the installation wizard to finish installing View Connection Server.
The VMware View services are installed on the Windows Server computer:
n n n n n n n n
VMware View Connection Server VMware View Framework Component VMware View Message Bus Component VMware View Script Host VMware View Security Gateway Component VMware View PCoIP Secure Gateway VMware View Web Component VMware VDMDS, which provides View LDAP directory services
For information about these services, see the VMware View Administration document. What to do next Perform initial configuration on View Connection Server. If you plan to include replicated View Connection Server instances and security servers in your deployment, you must install each server instance by running the View Connection Server installer file. If you are reinstalling View Connection Server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
Install View Connection Server Silently

You can use the silent installation feature of the Microsoft Windows Installer (MSI) to perform a standard installation of View Connection Server on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. With silent installation, you can efficiently deploy View components in a large enterprise. Prerequisites
n
Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you install View Connection Server. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39.
VMware, Inc.
41
Verify that the Windows computer on which you install View Connection Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a standard installation of View Connection Server. See Silent Installation Properties for a View Connection Server Standard Installation, on page 42.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=1" The VMware View services are installed on the Windows Server computer. For details, see Install View Connection Server with a New Configuration, on page 40.
Silent Installation Properties for a View Connection Server Standard Installation

You can include specific View Connection Server properties when you perform a silent installation from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 5-1. MSI Properties for Silently Installing View Connection Server in a Standard Installation
MSI Property INSTALLDIR Description The path and folder in which the View Connection Server software is installed. For example: INSTALLDIR=""D:\abc\my folder"" The sets of two double quotes that enclose the path permit the MSI installer to interpret the space as a valid part of the path. VDM_SERVER_ INSTANCE_TYPE The type of View Connection Server installation: n 1. Standard installation
n n n
Default Value %ProgramFiles %\VMware\VMware View\Server
2. Replica installation 3. Security server installation 4. View Transfer Server installation
For example, to perform a standard installation, define VDM_SERVER_INSTANCE_TYPE=1 FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 1
42
VMware, Inc.
Firewall Rules for View Connection Server

Certain ports must be opened on the firewall for View Connection Server instances and security servers. When you install View Connection Server on Windows Server 2008, the installation program can optionally configure the required Windows firewall rules for you. When you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. Table 5-2. Ports Opened During View Connection Server Installation
Protocol JMS JMSIR AJP13 HTTP HTTPS PCoIP Ports TCP 4001 in TCP 4100 in TCP 8009 in TCP 80 in TCP 443 in TCP 4172 in; UDP 4172 both directions View Connection Server Instance Type Standard and replica Standard and replica Standard and replica Standard, replica, and security server Standard, replica, and security server Standard, replica, and security server
Install a Replicated Instance of View Connection Server

To provide high availability and load balancing, you can install one or more additional instances of View Connection Server that replicate an existing View Connection Server instance. After a replica installation, the existing and newly installed instances of View Connection Server are identical. When you install a replicated instance, View Manager copies the View LDAP configuration data from the existing View Connection Server instance. After the installation, the View Manager software maintains identical View LDAP configuration data on all View Connection Server instances in the replicated group. When a change is made on one instance, the updated information is copied to the other instances. If a replicated instance fails, the other instances in the group continue to operate. When the failed instance resumes activity, its configuration is updated with the changes that took place during the outage. NOTE Replication functionality is provided by View LDAP, which uses the same replication technology as Active Directory. Prerequisites
n n
Verify that at least one View Connection Server instance is installed and configured on the network. Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you plan to install the replicated instance. If the existing View Connection Server instance is in a different domain than the replicated instance, the domain user must also have local administrator privileges on the Windows Server computer where the existing instance is installed. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Verify that the computers on which you install replicated View Connection Server instances are connected over a high-performance LAN. See Network Requirements for Replicated View Connection Server Instances, on page 9.
VMware, Inc.
43
Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 6 7 8 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select the View Replica Server installation option. Enter the host name or IP address of the existing View Connection Server instance you are replicating. Accept the Microsoft Software Supplemental License Agreement for Microsoft Active Directory Application Mode (ADAM). If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service.
If you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 9 Complete the installation wizard to finish installing the replicated instance.
The VMware View services are installed on the Windows Server computer:
n n n n n n n n
VMware View Connection Server VMware View Framework Component VMware View Message Bus Component VMware View Script Host VMware View Security Gateway Component VMware View PCoIP Secure Gateway VMware View Web Component VMware VDMDS, which provides View LDAP directory services
For information about these services, see the VMware View Administration document. What to do next You do not have to perform initial configuration on a replicated instance of View Connection Server. The replicated instance inherits its configuration from the existing View Connection Server instance. If you are reinstalling View Connection Server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
44
VMware, Inc.
Install a Replicated Instance of View Connection Server Silently

You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install a replicated instance of View Connection Server on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. With silent installation, you can efficiently deploy View components in a large enterprise. Prerequisites
n n
Verify that at least one View Connection Server instance is installed and configured on the network. Verify that you can log in as a domain user with administrator privileges on the Windows Server computer on which you plan to install the replicated instance. If the existing View Connection Server instance is in a different domain than the replicated instance, the domain user must also have local administrator privileges on the Windows Server computer where the existing instance is installed. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Verify that the computers on which you install replicated View Connection Server instances are connected over a high-performance LAN. See Network Requirements for Replicated View Connection Server Instances, on page 9. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a replica installation of View Connection Server. See Silent Installation Properties for a Replicated Instance of View Connection Server, on page 46.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=2
ADAM_PRIMARY_NAME=cs1.companydomain.com"
The VMware View services are installed on the Windows Server computer. For details, see Install a Replicated Instance of View Connection Server, on page 43.
VMware, Inc.
45
Silent Installation Properties for a Replicated Instance of View Connection Server

You can include specific properties when you silently install a replicated View Connection Server instance from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 5-3. MSI Properties for Silently installing a Replicated Instance of View Connection Server
MSI Property INSTALLDIR Description The path and folder in which the View Connection Server software is installed. For example: INSTALLDIR=""D:\abc\my folder"" The sets of two double quotes that enclose the path permit the MSI installer to interpret the space as a valid part of the path. This MSI property is optional. VDM_SERVER_INSTANCE_ TYPE The type of View Connection Server installation:
n n n n
1. Standard installation 2. Replica installation 3. Security server installation 4. View Transfer Server installation
To install a replicated instance, define VDM_SERVER_INSTANCE_TYPE=2 This MSI property is optional for a standard installation. It is required for all other types of installation. ADAM_PRIMARY_NAME The host name or IP address of the existing View Connection Server instance you are replicating. For example: ADAM_PRIMARY_NAME=cs1.companydomain.com This MSI property is required. ADAM_PRIMARY_PORT The View LDAP port of the existing View Connection Server instance you are replicating. For example: ADAM_PRIMARY_PORT=cs1.companydomain.com This MSI property is optional. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. 1 None None
Configure a Security Server Pairing Password

Before you can install a security server, you must configure a security server pairing password. The View Connection Server installation program prompts you for this password during the installation process. The security server pairing password is a one-time password that permits a security server to be paired with a View Connection Server instance. The password becomes invalid after you provide it to the View Connection Server installation program. Procedure 1 2 3 In View Administrator, select View Configuration > Servers. In the View Servers pane, select the View Connection Server instance to pair with the security server. From the More Commands drop-down menu, select Specify Security Server Pairing Password.
46
VMware, Inc.
Type the password in the Pairing password and Confirm password text boxes and specify a password timeout value. You must use the password within the specified timeout period.
Click OK to configure the password.
What to do next Install a security server. See Install a Security Server, on page 47. IMPORTANT If you do not provide the security server pairing password to the View Connection Server installation program within the password timeout period, the password becomes invalid and you must configure a new password.
Install a Security Server

A security server is an instance of View Connection Server that adds an additional layer of security between the Internet and your internal network. You can install one or more security servers to be connected to a View Connection Server instance. Prerequisites
n
Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the VMware View Architecture Planning document. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.6 or later. You cannot pair a View 4.6 or later security server with an older version of View Connection Server. Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server. Configure a security server pairing password. See Configure a Security Server Pairing Password, on page 46. Familiarize yourself with the format of external URLs. See Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections, on page 61. Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server, on page 43.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 To start the View Connection Server installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select the View Security Server installation option.
VMware, Inc.
47
Type the fully qualified domain name or IP address of the View Connection Server instance to pair with the security server in the Server text box. The security server forwards network traffic to this View Connection Server instance.
Type the security server pairing password in the Password text box. If the password has expired, you can use View Administrator to configure a new password and type the new password in the installation program.
In the External URL text box, type the external URL of the security server for View Clients that use the RDP or PCoIP display protocols. The URL must contain the protocol, client-resolvable security server name or IP address, and port number. Tunnel clients that run outside of your network use this URL to connect to the security server. For example: https://view.example.com:443
In the PCoIP External URL text box, type the external URL of the security server for View Clients that use the PCoIP display protocol. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.400:4172 The URL must contain the IP address and port number that a client system can use to reach the security server. You can type into the text box only if a PCoIP Secure Gateway is installed on the security server.
10
If you install the security server on Windows Server 2008, choose how to configure the Windows Firewall service.
If you install the security server on Windows Server 2003, you must configure the required Windows firewall rules manually. 11 Complete the installation wizard to finish installing the security server.
The security server services are installed on the Windows Server computer:
n n n n
VMware View Security Server VMware View Framework Component VMware View Security Gateway Component VMware View PCoIP Secure Gateway
For information about these services, see VMware View Administration. The security server appears in the Security Servers pane in View Administrator. What to do next If you are reinstalling the security server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
48
VMware, Inc.
Install a Security Server Silently

You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install a security server on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. With silent installation, you can efficiently deploy View components in a large enterprise. Prerequisites
n
Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the VMware View Architecture Planning document. Verify that your installation satisfies the requirements described in View Connection Server Requirements, on page 7. Prepare your environment for the installation. See Installation Prerequisites for View Connection Server, on page 39. Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.6 or later. You cannot pair a View 4.6 or later security server with an older version of View Connection Server. Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server. Configure a security server pairing password. See Configure a Security Server Pairing Password, on page 46. Familiarize yourself with the format of external URLs. See Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections, on page 61. Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server, on page 43. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with a security server. See Silent Installation Properties for a Security Server, on page 50.
Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.5.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=3
VDM_SERVER_NAME=cs1.internaldomain.com VDM_SERVER_SS_EXTURL=https://view.companydomain.com: 443 VDM_SERVER_SS_PCOIP_IPADDR=10.20.30.40 VDM_SERVER_SS_PCOIP_TCPPORT=4172 VDM_SERVER_SS_PCOIP_UDPPORT=4172 VDM_SERVER_SS_PWD=secret"
The VMware View services are installed on the Windows Server computer. For details, see Install a Security Server, on page 47.
VMware, Inc.
49
Silent Installation Properties for a Security Server

You can include specific properties when you silently install a security server from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 5-4. MSI Properties for Silently Installing a Security Server
MSI Property INSTALLDIR Description The path and folder in which the View Connection Server software is installed. For example: INSTALLDIR=""D:\abc\my folder"" The sets of two double quotes that enclose the path permit the MSI installer to interpret the space as a valid part of the path. This MSI property is optional. VDM_SERVER_INSTANCE_ TYPE The type of View Connection Server installation:
n n n n
1. Standard installation 2. Replica installation 3. Security server installation 4. View Transfer Server installation
To install a security server, define VDM_SERVER_INSTANCE_TYPE=3 This MSI property is optional for a standard installation. It is required for all other types of installation. VDM_SERVER_NAME The host name or IP address of the existing View Connection Server instance to pair with the security server. For example: VDM_SERVER_NAME=cs1.internaldomain.com This MSI property is required. VDM_SERVER_SS_EXTURL The external URL of the security server. The URL must contain the protocol, externally resolvable security server name, and port number For example: VDM_SERVER_SS_EXTURL=https://view.companydomain.com:443 This MSI property is required. VDM_SERVER_SS_PWD The security server pairing password. For example: VDM_SERVER_SS_PWD=secret This MSI property is required. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. VDM_SERVER_SS_PCOIP_IP ADDR The PCoIP Secure Gateway external IP address. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_IPADDR=10.20.30.40 The PCoIP Secure Gateway external TCP port number. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_TCPPORT=4172 The PCoIP Secure Gateway external UDP port number. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_UDPPORT=4172 None 1 None None None
VDM_SERVER_SS_PCOIP_T CPPORT
None
VDM_SERVER_SS_PCOIP_U DPPORT
None
50
VMware, Inc.
Microsoft Windows Installer Command-Line Options

To install View components silently, you must use Microsoft Windows Installer (MSI) command-line options and properties. The View component installers are MSI programs and use standard MSI features. You can also use MSI command-line options to uninstall View components silently. For details about MSI, see the Microsoft Web site. For MSI command-line options, see the Microsoft Developer Network (MSDN) Library Web site and search for MSI command-line options. To see MSI command-line usage, you can open a command prompt on the View component computer and type msiexec /?. To run a View component installer silently, you begin by disabling the bootstrap program that extracts the installer into a temporary directory and starts an interactive installation. Table 5-5 shows the command-line options that control the installer's bootstrap program. Table 5-5. Command-Line Options for a View Component's Bootstrap Program
Option /s Description Disables the bootstrap splash screen and extraction dialog, which prevents the display of interactive dialogs. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s The /s option is required to run a silent installation. /v" Instructs the installer to pass the double-quote-enclosed string that you enter at the command line as a set of options for MSI to interpret. You must enclose your command-line entries between double quotes. Place a double quote after the /v and at the end of the command line. For example: VMware-viewagent-4.6.x-xxxxxx.exe /s /v"command_line_options" To instruct the MSI installer to interpret a string that contains spaces, enclose the string in two sets of double quotes. For example, you might want to install the View component in an installation path name that contains spaces. For example: VMware-viewconnectionserver-4.6.xxxxxxx.exe /s /v"command_line_options INSTALLDIR=""d:\abc\my folder""" In this example, the MSI installer passes on the installation-directory path and does not attempt to interpret the string as two command-line options. Note the final double quote that encloses the entire command line. The /v"command_line_options" option is required to run a silent installation.
MSI_command_line_options"
You control the remainder of a silent installation by passing command-line options and MSI property values to the MSI installer, msiexec.exe. The MSI installer includes the View component's installation code. The installer uses the values and options that you enter in the command line to interpret installation choices and setup options that are specific to the View component. Table 5-6 shows the command-line options and MSI property values that are passed to the MSI installer. Table 5-6. MSI Command-Line Options and MSI Properties
MSI Option or Property /qn Description Instructs the MSI installer not to display the installer wizard pages. For example, you might want to install View Agent silently and use only default setup options and features: VMware-viewagent-4.6.x-xxxxxx.exe /s /v"/qn" Alternatively, you can use the /qb option to display the wizard pages in a noninteractive, automated installation. As the installation proceeds, the wizard pages are displayed, but you cannot respond to them. The /qn or /qb option is required to run a silent installation. INSTALLDIR Specifies an alternative installation path for the View component. Use the format INSTALLDIR=path to specify an installation path. You can ignore this MSI property if you want to install the View component in the default path. This MSI property is optional.
VMware, Inc.
51
Table 5-6. MSI Command-Line Options and MSI Properties (Continued)

MSI Option or Property ADDLOCAL Description Determines the component-specific features to install. In an interactive installation, the View installer displays custom setup options to select. The MSI property, ADDLOCAL, lets you specify these setup options on the command line. To install all available custom setup options, enter ADDLOCAL=ALL. For example: VMware-viewagent-4.6.x-xxxxxx.exe /s /v"/qn ADDLOCAL=ALL" If you do not use the MSI property, ADDLOCAL, the default setup options are installed. To specify individual setup options, enter a comma-separated list of setup option names. Do not use spaces between names. Use the format ADDLOCAL=value,value,value.... For example, you might want to install View Agent in a guest operating system with the View Composer Agent and PCoIP features: VMware-viewagent-4.6.x-xxxxxx.exe /s /v"/qn ADDLOCAL=Core,SVIAgent,PCoIP" NOTE The Core feature is required in View Agent. This MSI property is optional. REBOOT You can use the REBOOT=ReallySuppress option to allow system configuration tasks to complete before the system reboots. This MSI property is optional. Writes logging information into the specified log file with verbose output. For example: /l*v ""%TEMP%\vmmsi.log"" This example generates a detailed log file that is similar to the log generated during an interactive installation. You can use this option to record custom features that might apply uniquely to your installation. You can use the recorded information to specify installation features in future silent installations. The /l*v option is optional.
/l*v log_file
Uninstalling View Products Silently by Using MSI Command-Line Options

You can uninstall View components by using Microsoft Windows Installer (MSI) command-line options.
Syntax
msiexec.exe /qb /x
product_code
Options
The /qb option displays the uninstall progress bar. To suppress displaying the uninstall progress bar, replace the /qb option with the /qn option. The /x option uninstalls the View component. The product_code string identifies the View component product files to the MSI uninstaller. You can find the product_code string by searching for ProductCode in the %TEMP%\vmmsi.log file that is created during the installation. For information about MSI command-line options, see Microsoft Windows Installer Command-Line Options, on page 51.
52
VMware, Inc.
Examples
Uninstall a View Connection Server instance.
msiexec.exe /qb /x {D6184123-57B7-26E2-809B-090435A8C16A}
Configuring User Accounts for vCenter Server and View Composer

To use vCenter Server with View Manager, you must configure a user account with permission to perform operations in vCenter Server. To use View Composer, you must give this vCenter Server user additional privileges. To manage desktops that are used in local mode, you must give this user privileges in addition to those that are required for View Manager and View Composer. You also must create a domain user for View Composer in Active Directory. See Create a User Account for View Composer, on page 25.
Where to Use the vCenter Server User and Domain User for View Composer
After you create and configure these two user accounts, you specify the user names in View Administrator.
n n n
You specify a vCenter Server user when you add vCenter Server to View Manager. You specify a domain user for View Composer when you configure View Composer for vCenter Server. You specify the domain user for View Composer when you create linked-clone pools.
Configure a vCenter Server User for View Manager, View Composer, and Local Mode
To configure a user account that gives View Manager permission to operate in vCenter Server, you must assign a role with appropriate privileges to that user. To use the View Composer service in vCenter Server, you must give the user account additional privileges. To manage desktops that are used in local mode, you must give the user account privileges that include View Manager, View Composer, and local mode privileges. To support View Composer, you also must make this user a local system administrator on the vCenter Server computer. Prerequisites
n
In Active Directory, create a user in the View Connection Server domain or a trusted domain. See Creating a User Account for vCenter Server, on page 24. Familiarize yourself with the privileges that are required for the user account. See View Manager Privileges Required for the vCenter Server User, on page 55. If you use View Composer, familiarize yourself with the additional required privileges. See View Composer Privileges Required for the vCenter Server User, on page 55. If you manage local desktops, familiarize yourself with the additional required privileges. See Local Mode Privileges Required for the vCenter Server User, on page 56.
VMware, Inc.
53
Procedure 1 In vCenter Server, prepare a role with the required privileges for the user.
n
You can use the predefined Administrator role in vCenter Server. This role can perform all operations in vCenter Server. If you use View Composer, you can create a limited role with the minimum privileges needed by View Manager and View Composer to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Composer Administrator, and select privileges for the role. This role must have all the privileges that both View Manager and View Composer need to operate in vCenter Server.
If you manage local desktops, you can create a limited role with the minimum privileges needed by View Manager, View Composer, and the local mode feature to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as Local Mode Administrator, and select privileges for the role. This role must have all the privileges that View Manager, View Composer, and the local mode feature need to operate in vCenter Server.
If you use View Manager without View Composer and do not manage local desktops, you can create an even more limited role with the minimum privileges needed by View Manager to perform vCenter Server operations. In vSphere Client, click Home > Roles > Add Role, enter a role name such as View Manager Administrator, and select privileges for the role.
In vSphere Client, right-click the vCenter Server at the top level of the inventory, click Add Permission, and add the vCenter Server user. NOTE You must define the vCenter Server user at the vCenter Server level.
3 4
From the drop-down menu, select the Administrator role, or the View Composer or View Manager role that you created, and assign it to the vCenter Server user. If you use View Composer, on the vCenter Server computer, add the vCenter Server user account as a member of the local system Administrators group. View Composer requires that the vCenter Server user is a system administrator on the vCenter Server computer.
What to do next In View Administrator, when you add vCenter Server to View Manager, specify the vCenter Server user. See Add vCenter Server Instances to View Manager, on page 57.
54
VMware, Inc.
View Manager Privileges Required for the vCenter Server User

The vCenter Server user must have sufficient privileges to enable View Manager to operate in vCenter Server. Create a View Manager role for the vCenter Server user with the required privileges. Table 5-7. View Manager Privileges
Privilege Group Folder Virtual Machine Privileges to Enable Create Folder Delete Folder In Configuration: n Add or remove device n Advanced n Modify device settings In Interaction: n Power Off n Power On n Reset n Suspend In Inventory: n Create new n Remove In Provisioning: n Customize n Deploy template n Read customization specifications Assign virtual machine to resource pool
Resource
View Composer Privileges Required for the vCenter Server User

To support View Composer, the vCenter Server user must have privileges in addition to those required to support View Manager. Create a View Composer role for the vCenter Server user with the View Manager privileges and these additional privileges. Table 5-8. View Composer Privileges
Privilege Group Datastore Privileges to Enable Allocate space Browse datastore Low level file operations Inventory (all) Configuration (all) State (all) In Provisioning: n Clone virtual machine n Allow disk access Assign virtual machine to resource pool Enable methods Disable methods System tag (all)
Virtual machine
Resource Global
Network
VMware, Inc.
55
Local Mode Privileges Required for the vCenter Server User

To manage desktops that are used in local mode, the vCenter Server user must have privileges in addition to those required to support View Manager and View Composer. Create a Local Mode Administrator role for the vCenter Server user that combines the View Manager privileges, View Composer privileges, and local mode privileges. Table 5-9. Local Mode Privileges
Privilege Group Global Host Privileges to Enable Set custom attribute In Configuration: System management
Configuring View Connection Server for the First Time

After you install View Connection Server, you must install a product license, add vCenter Servers and View Composer services to View Manager, add security servers if you use them, and set external URLs for client desktops that run outside your network.
View Administrator and View Connection Server

View Administrator provides a management interface for View Manager. Depending on your View deployment, you use one or more View Administrator interfaces.
n
Use one View Administrator interface to manage the View components that are associated with a single, standalone View Connection Server instance or a group of replicated View Connection Server instances. You can use the IP address of any replicated instance to log in to View Administrator.
You must use a separate View Administrator interface to manage the View components for each single, standalone View Connection Server instance and each group of replicated View Connection Server instances.
You also use View Administrator to manage security servers and View Transfer Server instances associated with View Connection Server.
n n
Each security server is associated with one View Connection Server instance. Each View Transfer Server instance can communicate with any View Connection Server instance in a group of replicated instances.
Log In to View Administrator

To perform initial configuration tasks, you must log in to View Administrator. Prerequisites
n n
Verify that View Connection Server is installed on a dedicated computer. Verify that you are using a Web browser supported by View Administrator. See View Administrator Requirements, on page 9.
56
VMware, Inc.
Procedure 1 Open your Web browser and enter the following URL, where server is the host name or IP address of the View Connection Server instance.
https://server/admin
You access View Administrator by using a secure (SSL) connection. When you first connect, your Web browser might display a page warning that the security certificate associated with the address is not issued by a trusted certificate authority. This response is expected behavior because the default certificate supplied with View Connection Server is self-signed. 2 3 Click Ignore to continue using the current SSL certificate. Log in using administrator credentials on the View Connection Server computer. Initially, all users who are members of the local Administrators group (BUILTIN\Administrators) on the View Connection Server computer are allowed to log in to View Administrator. After you log in to View Administrator, you can use View Configuration > Administrators to change the list of View Manager administrators.
Install the View Connection Server License Key

Before you can use View Connection Server, you must enter the product license key. The first time you log in, View Administrator displays the Product Licensing and Usage page. After you install the license key, View Administrator displays the dashboard page when you log in. You do not have to configure a license key when you install a replicated View Connection Server instance or a security server. Replicated instances and security servers use the common license key stored in the View LDAP configuration. NOTE You must use a View 4.x license key for View Connection Server 4.x. A license key provided with View 3.x or earlier does not work with the new license model introduced in View 4.x. Procedure 1 2 3 4 5 If the View Configuration view is not displayed, click View Configuration in the left navigation pane. Click Product Licensing and Usage. On the Product Licensing table, click Edit License and enter the View Manager license serial number. Click OK. Verify the license expiration date.
Add vCenter Server Instances to View Manager

You must configure View Manager to connect to the vCenter Server instances in your View deployment. vCenter Server creates and manages the virtual machines that View Manager uses as desktop sources. If you run vCenter Server instances in a Linked Mode group, you must add each vCenter Server instance to View Manager separately.
VMware, Inc.
57
Prerequisites
n n
Install the View Connection Server product license key. Prepare a vCenter Server user with permission to perform the operations in vCenter Server that are necessary to support View Manager. To use View Composer, you must give the user additional privileges. To manage desktops that are used in local mode, you must give the user privileges in addition to those that are required for View Manager and View Composer. See Configure a vCenter Server User for View Manager, View Composer, and Local Mode, on page 53.
If you plan to have View Connection Server connect to the vCenter Server instance using a secure channel (SSL), install a server SSL certificate on the vCenter Server host.
Procedure 1 2 3 In View Administrator, click View Configuration > Servers. In the vCenter Servers panel, click Add. In the server address text box, type the fully qualified domain name (FQDN) or IP address of the vCenter Server instance. The FQDN includes the host name and domain name. For example, in the FQDN myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain. NOTE If you enter a server by using a DNS name or URL, View Manager does not perform a DNS lookup to verify whether an administrator previously added this server to View Manager by using its IP address. A conflict arises if you add a vCenter Server with both its DNS name and its IP address. 4 5 6 7 8 Type the name of the vCenter Server user. Type the vCenter Server user password. (Optional) Type a description for this vCenter Server instance. To connect to the vCenter Server instance using a secure channel (SSL), make sure that Connect using SSL is selected. SSL connection is the default setting. Type the TCP port number. The default port is 443. 9 (Optional) Click Advanced to configure the maximum concurrent pool operations in vCenter Server. a Set the maximum number of concurrent provisioning operations. This setting determines the largest number of concurrent requests that View Manager can make to provision full virtual machines in this vCenter Server instance. The default value is eight. This setting does not control linked-clone provisioning. b Set the maximum number of concurrent power operations. This setting determines the largest number of power operations (startup, shutdown, suspend, and so on) that can take place simultaneously on virtual machines managed by View Manager in this vCenter Server instance. The default value is five. This setting controls power operations for full virtual machines and linked clones. 10 Choose whether to configure View Composer.
Option You are not using View Composer You are using View Composer Action Click OK. Configure the View Composer settings.
58
VMware, Inc.
What to do next If this View Connection Server instance or group of replicated View Connection Server instances uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.
Configure View Composer Settings for vCenter Server

To use View Composer, you must configure View Manager with initial settings that match the settings for the View Composer service that is installed in vCenter Server. View Composer is a feature of View Manager, but its service operates directly on virtual machines in vCenter Server. NOTE If you are not using View Composer, you can skip this task. Prerequisites
n
Your Active Directory administrator must create a domain user with permission to add and remove virtual machines from the Active Directory domain that contains your linked clones. To manage the linked-clone machine accounts in Active Directory, the domain user must have Create Computer Objects, Delete Computer Objects, and Write All Properties permissions. See Create a User Account for View Composer, on page 25.
You must configure View Manager to connect to vCenter Server. See Add vCenter Server Instances to View Manager, on page 57.
Procedure 1 In View Administrator, open the Edit vCenter Server dialog box. a b c 2 Click View Configuration > Servers. In the vCenter Servers panel, select the vCenter Server entry. Click Edit.
Select Enable View Composer and make sure that the port number is the same as the port that you specified when you installed the View Composer service on vCenter Server. View Manager verifies that the View Composer service is running on vCenter Server.
Click Add to add the domain user for View Composer account information. a Type the domain name of the Active Directory domain. For example: domain.com b Type the domain user name, including the domain name. For example: domain.com\admin c d e Type the account password. Click OK. To add domain user accounts with privileges in other Active Directory domains in which you deploy linked-clone pools, repeat the preceding steps.
Click OK to close the Edit vCenter Server dialog box.
What to do next Repeat this procedure for each vCenter Server instance in which View Composer services are installed.
VMware, Inc.
59
Configuring View Client Connections

View clients communicate with a View Connection Server or security server host over secure connections. The initial View Client connection, which is used for user authentication and View desktop selection, is created over HTTPS when a user provides a domain name or IP address to View Client. If firewall and load balancing software are configured correctly in your network environment, this request reaches the View Connection Server or security server host. With this connection, users are authenticated and a desktop is selected, but users have not yet connected to View desktops. When users connect to View desktops, by default View Client makes a second connection to the View Connection Server or security server host. This connection is called the tunnel connection because it provides a secure tunnel for carrying RDP and other data over HTTPS. When users connect to View desktops with the PCoIP display protocol, View Client can make a further connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP. When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server or security server host. This type of connection is called a direct connection. Typically, to provide secure connections for external clients that connect to a security server or View Connection Server host over a WAN, you enable both the secure tunnel and the PCoIP Secure Gateway. You can disable the secure tunnel and the PCoIP Secure Gateway to allow internal, LAN-connected clients to establish direct connections to View desktops. Certain View Client endpoints, such as thin clients, do not support the tunnel connection and use direct connections for RDP data, but do support the PCoIP Secure Gateway for PCoIP data. Clients that use the HP RGS display protocol do not use the tunnel connection or PCoIP Secure Gateway. SSL for client connections is enabled by default. You can disable SSL so that initial and tunnel connections take place over HTTP, not HTTPS. Disabling SSL might be acceptable for internal, LAN-connected clients where communications are protected by a firewall. See Configure SSL for Client Connections, on page 87.
Configure the PCoIP Secure Gateway and Secure Tunnel Connections

You use View Administrator to configure the use of the secure tunnel and PCoIP Secure Gateway. These components ensure that only authenticated users can communicate with View desktops. Clients that use the PCoIP display protocol can use the PCoIP Secure Gateway. Clients that use the RDP display protocol can use the secure tunnel. Clients that use the HP RGS display protocol cannot use either secure connection. These clients must use direct connections. IMPORTANT A typical network configuration that provides secure connections for external clients includes a security server. To use View Administrator to enable or disable the secure tunnel and PCoIP Secure Gateway on a security server, you must edit the View Connection Server instance that is paired with the security server. In a network configuration in which external clients connect directly to a View Connection Server host, you enable or disable the secure tunnel and PCoIP Secure Gateway by editing that View Connection Server instance in View Administrator. Procedure 1 2 In View Administrator, select View Configuration > Servers. In the View Connection Servers panel, select a View Connection Server instance and click Edit.
60
VMware, Inc.
Configure use of the secure tunnel.

Option Disable the secure tunnel Enable the secure tunnel Description Deselect Use secure tunnel connection to desktop. Select Use secure tunnel connection to desktop.
The secure tunnel is enabled by default. 4 Configure use of the PCoIP Secure Gateway.
Option Enable the PCoIP Secure Gateway Disable the PCoIP secure Gateway Description Select Use PCoIP Secure Gateway for PCoIP connections to desktop Deselect Use PCoIP Secure Gateway for PCoIP connections to desktop
The PCoIP Secure Gateway is disabled by default. 5 Click OK to save your changes.
Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections
To use the secure tunnel, a client system must have access to an IP address, or a fully qualified domain name (FQDN) that it can resolve to an IP address, that allows the client to reach a View Connection Server or security server host. To use the PCoIP Secure Gateway, a client system must have access to an IP address that allows the client to reach a View Connection Server or security server host.
Using Tunnel Connections From External Locations

By default, a View Connection Server or security server host can be contacted only by tunnel clients that reside within the same network and are therefore able to locate the requested host. Many organizations require that users can connect from an external location by using a specific IP address or client-resolvable domain name, and a specific port. This information might or might not resemble the actual address and port number of the View Connection Server or security server host. The information is provided to a client system in the form of a URL. For example:
n n n n https://view-example.com:443 https://view.example.com:443 https://example.com:1234 https://100.200.300.400:443
To use addresses like these in View Manager, you must configure the View Connection Server or security server host to return an external URL instead of the host's FQDN.
Configuring External URLs

You configure two external URLs. One URL allows client systems to make tunnel connections. The other allows client systems that use PCoIP to make secure connections through the PCoIP Secure Gateway. You must specify the PCoIP external URL as an IP address, which allows client systems to connect from an external location. If your network configuration includes security servers, provide external URLs for the security servers. External URLs are not required on the View Connection Server instances that are paired with the security servers.
VMware, Inc.
61
The process of configuring the external URLs is different for View Connection Server instances and security servers.
n
For a View Connection Server instance, you set the external URLs by editing View Connection Server settings in View Administrator. For a security server, you set the external URLs when you run the View Connection Server installation program. You can use View Administrator to modify an external URL for a security server.
Set the External URLs for a View Connection Server Instance

You use View Administrator to configure the external URLs for a View Connection Server instance. Both the secure tunnel external URL and PCoIP external URL must be the addresses that client systems use to reach this View Connection Server instance. For example, do not specify the secure tunnel external URL for this instance and the PCoIP external URL for a paired security server. Procedure 1 2 3 In View Administrator, click View Configuration > Servers. In the View Connection Servers panel, select a View Connection Server instance and click Edit. Type the secure tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable host name or IP address, and port number. For example: https://view.example.com:443 4 Type the PCoIP Secure Gateway external URL in the PCoIP External URL text box. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.400:4172 The URL must contain the IP address and port number that a client system can use to reach this View Connection Server host. You can type into the text box only if a PCoIP Secure Gateway is installed on the View Connection Server instance. 5 Click OK.
Modify the External URLs for a Security Server

You use View Administrator to modify the external URLs for a security server. You initially configure the external URLs for a security server in the View Connection Server installation program. Both the secure tunnel external URL and PCoIP external URL must be the addresses that client systems use to reach this security server. For example, do not specify the secure tunnel external URL for this security server and the PCoIP external URL for a paired View Connection Server instance. Prerequisites Verify that the security server is upgraded to View Connection Server 4.6. Procedure 1 2 In View Administrator, select View Configuration > Servers. In the Security Servers panel, select the security server and click Edit. The Edit button is unavailable if the security server is not upgraded to View Connection Server 4.5 or 4.6.
62
VMware, Inc.
Type the Secure Tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable security server host name or IP address, and port number. For example: https://view.example.com:443
Type the PCoIP Secure Gateway external URL in the PCoIP External URL text box. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.400:4172 The URL must contain the IP address and port number that a client system can use to reach this security server. You can type into the text box only if a PCoIP Secure Gateway is installed on the security server.
Click OK to save your changes.
View Administrator sends the updated external URLs to the security server. You do not need to restart the security server service for the changes to take effect.
Sizing Windows Server Settings to Support Your Deployment

To support a large deployment of View Manager desktops, you can configure the Windows Server computers on which you install View Connection Server. On each computer, you can size the ephemeral ports, TCB hash table, Java Virtual Machine settings, and Windows page-file. These adjustments ensure that the computers have adequate resources to run correctly with the expected user load. For hardware and memory requirements for View Connection Server, see Hardware Requirements for View Connection Server, on page 7. For hardware and memory recommendations for using View Connection Server in a large View deployment, see "Connection Server Virtual Machine Configuration and Maximums" in the VMware View Architecture Planning document.
Ephemeral Ports
View Manager uses ephemeral ports to establish TCP connections between View Connection Server and the View desktops that it administers. To support a large View desktop deployment, you can increase the number of available ephemeral ports. An ephemeral port is a short-lived endpoint that is created by the operating system when a program requests any available user port. The operating system selects the port number from a predefined range, typically between 1024 and 65535, and releases the port after the related TCP connection terminates. By default, the system can create a maximum of approximately 4,000 ephemeral ports that run concurrently on Windows Server 2003 and approximately 16,000 on Windows Server 2008. On 32-bit Windows Server 2003 computers, you should increase the number of available ephemeral ports if a View Connection Server instance is likely to use more than 800 concurrent client connections.
VMware, Inc.
63
Calculate the Number of Ephemeral Ports

You can calculate the number of ephemeral ports that are needed on each View Connection Server instance to support a large number of concurrent client connections. Procedure
u
Use the following formula.

Number of ephemeral ports = ( (5 x clients) / servers ) + 10
Where
clients servers
Projected number of concurrent client connections Number of View Connection Server instances in the replicated group
Example: Calculating the Number of Ephemeral Ports For example, you might plan a deployment managed by three View Connection Server instances. If you anticipate having 3,000 concurrent client connections, you would need 5,010 ephemeral ports, as shown in Table 5-10. Table 5-10. Example of Calculating the Number of Ephemeral Ports
Configuration Parameter Projected number of concurrent client connections Number of View Connection Server instances in the replicated group ( (5 x clients) / servers ) + 10 = number of ephemeral ports on each View Connection Server Sample Values 3,000 3 (5x3,000) / 3 + 10 = 5,010
What to do next Use the Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size, on page 67 to fill in values for your deployment.
Increase the Number of Ephemeral Ports

You can edit the Windows registry to increase the maximum number of ephemeral ports on a Windows Server computer on which View Connection Server runs. Active Directory group policies can override registry entries. When possible, use a group policy to set the maximum number of ephemeral ports on View Connection Server. Prerequisites Calculate the number of ephemeral ports to configure on the Windows Server computer. See Calculate the Number of Ephemeral Ports, on page 64. Modify the Windows registry value only if the resulting number of ports is greater than 4,000 on Windows Server 2003 or greater than 16,000 on Windows Server 2008.
64
VMware, Inc.
Procedure 1 On the Windows Server computer, start the Windows Registry Editor. a b 2 Select Start > Command Prompt. At the command prompt, type regedit.
In the registry, locate the correct subkey and click Parameters.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Click Edit > New and add the registry entry.

Value Name: MaxUserPort Value Type: DWORD Value data: 1024 + calculated number of ephemeral ports Valid Range: 5000-65534 (decimal)
4 5
Exit the Windows Registry Editor. Restart the Windows Server computer.
Increasing the Size of the TCB Hash Table

The transmission control block (TCB) holds information about TCP connections that are made between View Connection Server clients and their desktop sources. To support a large View desktop deployment on Windows Server 2003 computers, you can increase the size of the TCB hash table. On Windows Server 2008 computers, you do not need to increase the maximum size of the TCB hash table. Windows Server 2008 fully tunes this value by default. The TCB is a memory-resident data structure that contains socket numbers, the location of incoming and outgoing data buffers, bytes received or unacknowledged, and other information. To retrieve this information quickly, Windows Server stores TCB data structures in a hash table. By default, Windows Server 2003 configures the number of hash table rows based on the number of CPUs in the Windows Server computer. Table 5-11. Maximum TCB Hash Table Size on Windows Server 2003
Number of CPUs 1 2 4 8 Maximum Number of TCB Hash Table Rows 128 512 2,048 8,192
You use two different formulas to calculate the TCB hash table size on View Connection Server instances and security servers.
VMware, Inc.
65
Calculate the Size of the TCB Hash Table for View Connection Server
To support a large number of View desktops, you can optimize the size of the TCB hash table on each View Connection Server instance. Calculate the size in rows. Procedure
u

Number of hash table rows on each View Connection Server instance = ( (5 x clients) / servers ) + desktops + 20
Where
clients servers desktops
Projected number of concurrent client connections Number of View Connection Server instances in the replicated group Number of View desktop sources in your deployment
Example: Calculating the Size of the TCB Hash Table on Each View Connection Server For example, you might have 3,000 concurrent client connections, three View Connection Server instances, and 6,000 View desktop sources in your deployment. For each View Connection Server instance, the result is 11,020, as shown in Table 5-12. Table 5-12. Example of Calculating the Size of the TCB Hash Table on Each View Connection Server
Configuration Parameter Projected number of concurrent client desktop connections Number of View Connection Server instances Number of View desktop sources ( (5 x clients) / servers ) + desktops + 20 = number of TCB hash table rows on each server Sample Values 3,000 3 6,000 (5x3,000) / 3 + 6,000 + 20 = 11,020
Calculate the Size of the TCB Hash Table for Security Servers
To support a large number of View desktops, you can optimize the size of the TCB hash table on each security server. Calculate the size in rows. Procedure
u

Number of hash table rows = ( (5 x clients) / security servers ) + 10
Where
clients security servers
Projected number of concurrent client connections Number of security servers
Example: Calculating the Size of the TCB Hash Table on Each Security Server For example, you might have 3,000 concurrent client connections and two security servers in your deployment.
66
VMware, Inc.
For each security server, the result is 7,510, as shown in Table 5-13. Table 5-13. Example of Calculating the Size of the TCB Hash Table on Each Security Server
Configuration Parameter Projected number of concurrent client desktop connections Number of security servers ( (5 x clients) / security servers ) + 10 = number of TCB hash table rows on each security server Sample Values 3,000 2 (5x3,000) / 2 + 10 = 7,510
Increase the Size of the TCB Hash Table on a Windows Server Computer
Edit the Windows registry to increase the size of the TCB hash table on a Windows Server computer on which View Connection Server runs. Active Directory group policies can override registry entries. When possible, use a group policy to set the size of the TCB hash table on View Connection Server. Procedure 1 On the Windows Server computer, start the Windows Registry Editor a b 2 Select Start > Command Prompt. At the command prompt, type regedit.
In the registry, locate the subkey and click Parameters.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Click Edit > New and add the following registry entry.
Value Value Value Valid Name: MaxHashTableSize Type: DWORD data: calculated hash table size Range: 64-65536 (decimal)
4 5
Exit the Windows Registry Editor. Restart the Windows Server computer.
Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size
Use these worksheets to calculate the number of ephemeral ports and the size of the TCB hash table on each View Connection Server instance and security server in your deployment. Table 5-14. Configuration Parameters
Configuration Parameters Projected number of concurrent client connections Number of View Connection Server instances Number of security servers Number of View desktop sources Fill in Your Site's Value
VMware, Inc.
67
Table 5-15. Number of Ephemeral Ports

Number of Ephemeral Ports ( (5 x clients) / servers ) + 10 = number of ephemeral ports on each View Connection Server instance Fill in Your Site's Value
Table 5-16. TCB Hash Table Size for View Connection Servers
Hash Table Size for View Connection Servers ( (5 x clients) / servers ) + desktops + 20 = Number of hash table rows on each View Connection Server instance Fill in Your Site's Value
Table 5-17. TCB Hash Table Size for Security Servers

Hash Table Size for Security Servers ( (5 x clients) / security servers ) + 10 = Number of hash table rows on each security server Fill in Your Site's Value
Sizing the Java Virtual Machine

The View Connection Server installer sizes the Java Virtual Machine (JVM) heap memory on View Connection Server computers to support a large number of concurrent View desktop sessions. However, when View Connection Server runs on a 32-bit Windows Server computer, the View Secure Gateway Server component is configured with a limited JVM heap size. To size your deployment adequately, you can increase the JVM heap size on 32-bit computers. On a 64-bit Windows Server computer with at least 10GB of memory, the installer configures a JVM heap size of 2GB for the View Secure Gateway Server component. This configuration supports approximately 2,000 concurrent tunnel sessions, the maximum number that View Connection Server can support. There is no benefit in increasing the JVM heap size on a 64-bit computer with 10GB of memory. NOTE On a 64-bit View Connection Server computer, 10GB of memory is recommended for deployments of 50 or more View desktops. Configure less than 10GB of memory for small, proof-of-concept deployments only. If a 64-bit computer has less than 10GB of memory, the installer configures a JVM heap size of 512MB for the View Secure Gateway Server component. If the computer has the required minimum of 4GB of memory, this configuration supports approximately 500 concurrent tunnel sessions. This configuration is more than adequate to support small, proof-of-concept deployments. If you increase a 64-bit computer's memory to 10GB to support a larger deployment, View Connection Server does not increase the JVM heap size. To adust the JVM heap size to the recommended value, reinstall View Connection Server. On a 32-bit Windows Server computer, the default JVM heap size is 512MB for the View Secure Gateway Server component. This JVM heap size can support approximately 750 concurrent tunnel sessions. To support more than 750 sessions, the computer must have at least 3GB of memory and the JVM heap size should be increased to 1GB. A JVM heap size of 1GB supports 1,500 concurrent tunnel sessions, the maximum number that View Connection Server can support on a 32-bit computer.
68
VMware, Inc.
Increase the JVM Heap Size on 32-Bit Windows Server Computers

You can edit the Windows registry to increase the JVM heap size on a 32-bit Windows Server computer on which View Connection Server is installed. IMPORTANT Do not change the JVM heap size on 64-bit Windows Server computers. Changing this value might make View Connection Server behavior unstable. On 64-bit computers, the View Connection Server installer sets the JVM heap size to accord with the physical memory. If you change the physical memory on a 64-bit View Connection Server computer, reinstall View Connection Server to reset the JVM heap size. On a 32-bit computer, if you increase the JVM heap size and reinstall or upgrade the View Connection Server software, you must increase the JVM heap size again. This value is reset each time the View Connection Server software is reinstalled or upgraded. Procedure 1 On the Windows Server computer, start the Windows Registry Editor. a b 2 Select Start > Command Prompt. At the command prompt, type regedit.
In the registry, locate the subkey and click JvmOptions.

HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Plugins\wsnm\tunnelService\Params
Click Edit > Modify. A Windows dialog box displays an entry like the following one.
-Xms128m -Xmx512m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator
Edit the -Xmx parameter to have the value -Xmx1024m. The dialog box displays the following entry.
-Xms128m -Xmx1024m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator
5 6
Click OK and exit the Registry Editor. Restart the Windows Server computer.
Configure the System Page-File Settings

You can optimize the virtual memory on the Windows Server computers on which your View Connection Server instances are installed by changing the system page-file settings. When Windows Server is installed, Windows calculates an initial and maximum page-file size based on the physical memory installed on the computer. These default settings remain fixed even after you restart the computer. If the Windows Server computer is a virtual machine, you can change the memory size through vCenter Server. However, if Windows uses the default setting, the system page-file size does not adjust to the new memory size.
VMware, Inc.
69
Procedure 1 On the Windows Server computer on which View Connection Server is installed, navigate to the Virtual Memory dialog box. By default, Custom size is selected. An initial and maximum page-file size appear. 2 Click System managed size.
Windows continually recalculates the system page-file size based on current memory use and available memory.
70
VMware, Inc.
Installing View Transfer Server
View Transfer Server transfers data between local desktops and the datacenter during check in, check out, and replication. To install View Transfer Server, you install the software on a Windows Server virtual machine, add View Transfer Server to your View Manager deployment, and configure the Transfer Server repository. You must install and configure View Transfer Server if you deploy View Client with Local Mode on client computers. You must have a license to install View Transfer Server and use local desktops. 1 Install View Transfer Server on page 71 View Transfer Server downloads system-image files, synchronizes data between local desktops and the corresponding remote desktops in the datacenter, and transfers data when users check in and check out local desktops. You install View Transfer Server in a virtual machine that runs Windows Server. 2 Add View Transfer Server to View Manager on page 73 View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. 3 Configure the Transfer Server Repository on page 74 The Transfer Server repository stores View Composer base images for linked-clone desktops that run in local mode. To give View Transfer Server access to the Transfer Server repository, you must configure it in View Manager. If you do not use View Composer linked clones in local mode, you do not have to configure a Transfer Server repository. 4 5 Firewall Rules for View Transfer Server on page 75 Certain incoming TCP ports must be opened on the firewall for View Transfer Server instances. Installing View Transfer Server Silently on page 75 You can install View Transfer Server silently by typing the installer filename and installation options at the command line. With silent installation, you can efficiently deploy View components in a large enterprise.
Install View Transfer Server

View Transfer Server downloads system-image files, synchronizes data between local desktops and the corresponding remote desktops in the datacenter, and transfers data when users check in and check out local desktops. You install View Transfer Server in a virtual machine that runs Windows Server. At runtime, View Transfer Server is deployed to an Apache Web Server. When you install View Transfer Server, the installer configures Apache Web Server as a service on the virtual machine. The Apache service uses ports 80 and 443.
VMware, Inc.
71
Prerequisites
n
Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. Verify that your installation satisfies the View Transfer Server requirements described in View Transfer Server Requirements, on page 12. Verify that you have a license to install View Transfer Server and use local desktops. Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See Firewall Rules for View Transfer Server, on page 75.
n n
CAUTION Verify that the virtual machine that hosts View Transfer Server is configured with an LSI Logic Parallel SCSI controller. You cannot install View Transfer Server on a virtual machine with a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system. Procedure 1 Download the VMware View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 4 5 6 To start the installation program, double-click the installer file. Accept the VMware license terms. Accept or change the destination folder. Select View Transfer Server. Configure the Apache Web Server to which View Transfer Server is deployed. You can accept the default values for the network domain, Apache Server name, and administrator's email address that are provided by the installer. 7 If you install View Transfer Server on Windows Server 2008, choose how to configure the Windows Firewall service.
If you install View Transfer Server on Windows Server 2003, you must configure the required Windows firewall rules manually. 8 Complete the installation program to install View Transfer Server.
The VMware View Transfer Server, View Transfer Server Control Service, and VMware View Framework Component services are installed and started on the virtual machine. What to do next In View Administrator, add View Transfer Server to your View Manager deployment.
72
VMware, Inc.
Chapter 6 Installing View Transfer Server
Add View Transfer Server to View Manager

View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository. They share the transfer workload for the local desktops that are managed by a View Connection Server instance or by a group of replicated View Connection Server instances. NOTE When View Transfer Server is added to View Manager, its Distributed Resource Scheduler (DRS) automation policy is set to Manual, which effectively disables DRS. Prerequisites
n n
Verify that View Transfer Server is installed on a Windows Server virtual machine. Verify that vCenter Server is added to View Manager. The View Configuration > Servers page in View Administrator displays vCenter Server instances that are added to View Manager.
Procedure 1 2 3 4 In View Administrator, click View Configuration > Servers. In the Transfer Servers panel, click Add. In the Add Transfer Server wizard, select the vCenter Server instance that manages the View Transfer Server virtual machine and click Next. Select the virtual machine where View Transfer Server is installed and click Finish. View Connection Server reconfigures the virtual machine with four SCSI controllers. The multiple SCSI controllers allow View Transfer Server to perform an increased number of disk transfers concurrently. In View Administrator, the View Transfer Server instance appears in the Transfer Servers panel. If no Transfer Server repository is configured, the View Transfer Server status changes from Pending to Missing Transfer Server Repository. If a Transfer Server repository is configured, the status changes from Pending to Initializing Transfer Server Repository to Ready. This process can take several minutes. You can click the refresh button in View Administrator to check the current status. When the View Transfer Server instance is added to View Manager, the Apache2.2 service is started on the View Transfer Server virtual machine. CAUTION If your View Transfer Server virtual machine is an earlier version than hardware version 7, you must configure the static IP address on the View Transfer Server virtual machine after you add View Transfer Server to View Manager. When multiple SCSI controllers are added to the View Transfer Server virtual machine, Windows removes the static IP address and reconfigures the virtual machine to use DHCP. After the virtual machine restarts, you must re-enter the static IP address in the virtual machine.
VMware, Inc.
73
Configure the Transfer Server Repository

The Transfer Server repository stores View Composer base images for linked-clone desktops that run in local mode. To give View Transfer Server access to the Transfer Server repository, you must configure it in View Manager. If you do not use View Composer linked clones in local mode, you do not have to configure a Transfer Server repository. If View Transfer Server is configured in View Manager before you configure the Transfer Server repository, View Transfer Server validates the location of the Transfer Server repository during the configuration. If you plan to add multiple View Transfer Server instances to this View Manager deployment, configure the Transfer Server repository on a network share. Other View Transfer Server instances cannot access a Transfer Server repository that is configured on a local drive on one View Transfer Server instance. Make sure that the Transfer Server repository is large enough to store your View Composer base images. A base image can be several gigabytes in size. If you configure a remote Transfer Server repository on a network share, you must provide a user ID with credentials to access the network share. As a best practice, to enhance the security of access to the Transfer Server repository, make sure that you restrict network access for the repository to View administrators. Prerequisites
n n
Verify that View Transfer Server is installed on a Windows Server virtual machine. Verify that View Transfer Server is added to View Manager. See Add View Transfer Server to View Manager, on page 73. NOTE Adding View Transfer Server to View Manager before you configure the Transfer Server repository is a best practice, not a requirement.
Procedure 1 Configure a path and folder for the Transfer Server repository. The Transfer Server repository can be on a local drive or a network share.
Option Local Transfer Server repository Action On the virtual machine where View Transfer Server is installed, create a path and folder for the Transfer Server repository. For example: C:\TransferRepository\ Configure a UNC path for the network share. For example: \\server.domain.com\TransferRepository\ All View Transfer Server instances that you add to this View Manager deployment must have network access to the shared drive.
Remote Transfer Server repository
2 3
In View Administrator, click View Configuration > Servers. Put all View Transfer Server instances into maintenance mode. a b In the Transfer Servers panel, select a View Transfer Server instance. Click Enter Maintenance Mode and click OK. The View Transfer Server status changes to Maintenance mode. c Repeat Step 3a and Step 3b for each instance.
When all View Transfer Server instances are in maintenance mode, current transfer operations are stopped. 4 In the Transfer Servers panel, next to Transfer Server repository, click None Configured.
74
VMware, Inc.
5 6
In the General panel on the Transfer Server repository page, click Edit. Type the Transfer Server repository location and other information.
Option Network Share Description
n n n n
Path. Type the UNC path that you configured. Username. Type the user ID of an administrator with credentials to access the network share. Password. Type the administrator password. Domain. Type the domain name of the network share in NetBIOS format. Do not use the .com suffix.
Local File System
Type the path that you configured on the local View Transfer Server virtual machine.
Click OK. If the repository network path or local drive is incorrect, the Edit Transfer Server Repository dialog displays an error message and does not let you configure the location. You must type a valid location.
On the View Configuration > Servers page, select the View Transfer Server instance and click Exit Maintenance Mode. The View Transfer Server status changes to Ready.
Firewall Rules for View Transfer Server

Certain incoming TCP ports must be opened on the firewall for View Transfer Server instances. When you install View Transfer Server on Windows Server 2008, the installation program can optionally configure the required Windows firewall rules for you. When you install View Transfer Server on Windows Server 2003, you must configure the required Windows firewall rules manually. Table 6-1 lists the incoming TCP ports that must be opened on the firewall for View Transfer Server instances. Table 6-1. TCP Ports for View Transfer Server Instances
Protocol HTTP HTTPS Ports 80 443
Installing View Transfer Server Silently

You can install View Transfer Server silently by typing the installer filename and installation options at the command line. With silent installation, you can efficiently deploy View components in a large enterprise.
Set Group Policies to Allow Silent Installation of View Transfer Server

Before you can install View Transfer Server silently, you must configure Microsoft Windows group policies to allow installation with elevated privileges. You must set Windows Installer group policies for computers and for users on the local computer. Prerequisites Verify that you have local administrator privileges on the Windows Server computer on which you will install View Transfer Server.
VMware, Inc.
75
Procedure 1 2 3 4 5 6 7 8 Log in to the Windows Server computer and click Start > Run. Type gpedit.msc and click OK. In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. In the left pane, click User Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK.
What to do next Install View Transfer Server silently.
Install View Transfer Server Silently

You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install View Transfer Server on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. Prerequisites
n
Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. Verify that your installation satisfies the View Transfer Server requirements described in View Transfer Server Requirements, on page 12. Verify that you have a license to install View Transfer Server and use local desktops. Verify that the virtual machine on which you install View Transfer Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation properties available with View Transfer Server. See Silent Installation Properties for View Transfer Server, on page 77. Verify that the Windows Installer group policies that are required for silent installation are configured on the Windows Server computer. See Set Group Policies to Allow Silent Installation of View Transfer Server, on page 75.
n n
CAUTION Verify that the virtual machine that hosts View Transfer Server is configured with an LSI Logic Parallel SCSI controller. You cannot install View Transfer Server on a virtual machine with a SAS or VMware paravirtual controller. On Windows Server 2008 virtual machines, the LSI Logic SAS controller is selected by default. You must change this selection to an LSI Logic Parallel controller before you install the operating system.
76
VMware, Inc.
Procedure 1 Download the VMware View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.6.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.6.x-xxxxxx.exe, where xxxxxx is the build number. 2 3 Open a command prompt on the Windows Server computer. Type the installation command on one line. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=4" The VMware View Transfer Server, View Transfer Server Control Service, and VMware View Framework Component services are installed and started on the virtual machine. What to do next In View Administrator, add View Transfer Server to your View Manager deployment.
Silent Installation Properties for View Transfer Server

You can include specific properties when you silently install a View Transfer Server from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 6-2. MSI Properties for Silently Installing View Transfer Server
MSI Property INSTALLDIR Description The path and folder in which the View Connection Server software is installed. For example: INSTALLDIR=""D:\abc\my folder"" The sets of two double quotes that enclose the path permit the MSI installer to interpret the space as a valid part of the path. This MSI property is optional. VDM_SERVER_INSTANCE_ TYPE The type of View Connection Server installation: n 1. Standard installation
n n n
2. Replica installation 3. Security server installation 4. View Transfer Server installation
To install a View Transfer Server, define VDM_SERVER_INSTANCE_TYPE=4 This MSI property is optional for a standard installation. It is required for all other types of installation. SERVERDOMAIN The network domain of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server network domain that is configured during an interactive installation. For example: SERVERDOMAIN=companydomain.com If you specify a custom Apache Web Server domain with the MSI property, SERVERDOMAIN, you also must specify custom SERVERNAME and SERVERADMIN properties. This MSI property is optional. None
VMware, Inc.
77
Table 6-2. MSI Properties for Silently Installing View Transfer Server (Continued)
MSI Property SERVERNAME Description The host name of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server host name that is configured during an interactive installation. For example: SERVERNAME=ts1.companydomain.com If you specify a custom Apache Web Server host name with the MSI property, SERVERNAME, you also must specify custom SERVERDOMAIN and SERVERADMIN properties. This MSI property is optional. SERVERADMIN The email address of the administrator of Apache Web Server that is configured with View Transfer Server. For example: SERVERADMIN=admin@companydomain.com If you specify a custom Apache Web Server administrator with the MSI property, SERVERADMIN, you also must specify custom SERVERDOMAIN and SERVERNAME properties. This MSI property is optional. FWCHOICE The MSI property that determines whether to configure a firewall for the View Connection Server instance. A value of 1 configures a firewall. A value of 2 does not configure a firewall. For example: FWCHOICE=1 This MSI property is optional. 1 None Default Value None
78
VMware, Inc.
Configuring Certificate Authentication
You can configure certificate authentication for View Connection Server instances, security servers, and View Transfer Server instances. This chapter includes the following topics:
n n n n n n
Replacing the Default Certificate, on page 79 Add keytool and openssl to the System Path, on page 80 Use an Existing PKCS#12 Certificate and Private Key, on page 80 Convert a PKCS#12 Keystore to JKS Format, on page 82 Creating a New SSL Certificate, on page 82 Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85 Configure a View Transfer Server Instance to Use a New Certificate, on page 86 Configure SSL for Client Connections, on page 87 Configure SSL for View Transfer Server Communications, on page 88 Using Group Policy to Configure Certificate Checking in View Client, on page 88
n n n n
Replacing the Default Certificate

A default server SSL certificate is generated when you install View Connection Server. You can use the default certificate for testing purposes. IMPORTANT Replace the default certificate as soon as possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server. View Connection Server instances, security servers, and View Transfer Server instances require a server SSL certificate if they receive SSL connections.
n
If you enable SSL for client connections, client-facing View Connection Server instances and security servers require a server SSL certificate. If you enable SSL for local mode operations and desktop provisioning, View Transfer Server instances require a server SSL certificate. If you configure smart card authentication in VMware View, client-facing View Connection Server instances and security servers require a root CA certificate in addition to a server SSL certificate.
VMware, Inc.
79
When you replace the default certificate with your own certificate, clients use your certificate to authenticate the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the browser or is located in a trusted database that the client can access. After a client accepts the certificate, it responds by sending a secret key, which is encrypted with the public key contained in the certificate. The secret key is used to encrypt traffic between the client and the server. You use the keytool and openssl utilities to create and manage certificates for View.
Add keytool and openssl to the System Path

keytool and openssl are key and certificate management utilities. You must add the paths to these utiilties to the system environment Path variable so that you can run the utilities from any directory on your host.
Procedure 1 On your View Connection Server or security server host, right-click My Computer and select Properties. a b c On the Advanced tab, click Environment Variables. In the System variables group, select Path and click Edit. Type the path to the JRE directory in the Variable Value text box. Use a semicolon (;) to separate each entry from other entries in the text box. For example: install_directory\VMware\VMware View\Server\jre\bin 2 On your View Transfer Server host, right-click My Computer and select Properties. a b c On the Advanced tab, click Environment Variables. In the System variables group, select Path and click Edit. Type the paths to the JRE and Apache directories in the Variable Value text box. Use a semicolon (;) to separate each entry from other entries in the text box. For example: install_directory\VMware\VMware
View\Server\httpd\bin;install_directory\VMware\VMware View\Server\jre\bin
Click OK until the Windows System Properties dialog box closes.
Use an Existing PKCS#12 Certificate and Private Key

If your organization already has a valid server SSL certificate, you can use that certificate to replace the default server SSL certificate provided with View Connection Server. To use an existing certificate, you also need the accompanying private key. The PKCS#12 file format includes both the server certificate and the private key. If a PKCS#12 file contains a server certificate that is signed by an intermediate CA rather than by a root CA, you must convert the PKCS#12 keystore to JKS format. See Convert a PKCS#12 Keystore to JKS Format, on page 82. You can use several different tools to generate PKCS#12 files. This procedure explains how to use the Internet Information Services (IIS) Manager to generate a PKCS#12 file from an IIS certificate store, and how to use openssl to extract a PEM format certificate and private key. Prerequisites If you want to create a certificate that you can use with a View Transfer Server instance, add openssl to the system Path variable on your host. See Add keytool and openssl to the System Path, on page 80
80
VMware, Inc.
Chapter 7 Configuring Certificate Authentication
Procedure 1 On the IIS application server host, click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager appears. 2 3 4 5 6 7 8 To view the list of sites hosted by the server, expand the local computer entry and click Web Sites. Right-click the Web site entry that contains the certificate you want to export and select Properties. On the Directory Security tab, click Server Certificate. When the Web Server Certificate wizard appears, click Next. Select Export the current certificate to a .pfx file and click Next. Specify a filename for the certificate file and click Next. Type and confirm a password to be used to encrypt the information you want to export and click Next. The system displays summary information about the certificate you are about export. 9 10 Verify the summary information and click Next > Finish. If you want to use the certificate with a View Transfer Server instance, use openssl to export the private key and server certificate in the required PEM format. a Open a command prompt and use openssl to export the private key from your .p12 or .pfx certificate file. For example: openssl pkcs12 -in server.pfx -nocerts -out key.pem b Remove the pass phrase from the private key and save it to the file server.key. This step prevents Apache from prompting you for your pass phrase each time it is restarted. For example: openssl rsa -in key.pem -out server.key c Export the server certificate from your certificate file and save it to the file server.crt. For example: openssl pkcs12 -in server.pfx -clcerts -nokeys -out server.crt What to do next Configure your View Connection Server instance, security server, or View Transfer Server instance to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85 or Configure a View Transfer Server Instance to Use a New Certificate, on page 86.
VMware, Inc.
81
Convert a PKCS#12 Keystore to JKS Format

If you already have a PKCS#12 keystore file and a server certificate that is signed by an intermediate CA rather than a root CA, you must convert the PKCS#12 keystore to JKS format before you can use it with View. Procedure 1 If the PKCS#12 keystore does not already contain the intermediate certificate, create the JKS keystore and add the intermediate certificate to the keystore. To avoid seeing errors from keytool, you must add the intermediate certificate to the keystore before you can add the server certificate. a b Save the intermediate certificate as intermediateCA.p7 in the directory that contains the keystore file. Import the intermediate certificate into the keystore file. For example:
keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias intermediateCA -file intermediateCA.p7
Add the server certificate and private key from the PKCS#12 file to the JKS keystore. For example:
keytool -importkeystore -destkeystore keys.jks -deststorepass secret -srckeystore keys.p12 srcstoretype PKCS12 -srcstorepass clydenw
The keytool utility creates the JKS keystore if it does not already exist. What to do next Configure your View Connection Server instance or security server to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85.
Creating a New SSL Certificate

You can use a self-signed certificate or a certificate signed by a CA to replace the default server SSL certificate that is provided with View Connection Server. A CA is a trusted third party that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client devices can connect without requiring additional configuration. If your clients need to determine the origin and integrity of the data they receive, you should obtain a CA-signed certificate rather than use a self-signed certificate. 1 Obtain a Signed Certificate from a CA for Use with a View Connection Server Instance or Security Server on page 83 To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign. 2 Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance on page 84 To obtain a signed certificate from a CA, you must use openssl to generate a private key file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign.
82
VMware, Inc.
Import an Intermediate Certificate into a Keystore File on page 84 If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the intermediate certificate to the keystore before you add the server certificate.
Import a Signed Server Certificate into a Keystore File on page 85 If you obtained a signed server certificate from a CA, use keytool to import the certificate into your keystore file.
Obtain a Signed Certificate from a CA for Use with a View Connection Server Instance or Security Server
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign. Prerequisites Determine the fully qualified domain name (FQDN) that client computers use to connect to the host. Procedure 1 Open a command prompt and use keytool to create a keystore file and a CSR. For example:
keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.jks -storepass secret
If you are going to import an intermediate certificate into the keystore file, you must specify a Java keystore file. 2 When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN) that client computers use to connect to the host.
Option View Connection Server instance Action Type the FQDN of the View Connection Server host if you have one View Connection Server instance. Type the FQDN of the load balancer host if you use load balancing. Type the FQDN of the security server host.
Security server
IMPORTANT If you type your name, the certificate will be invalid.

keytool creates the keystore file and the CSR file in the current directory.
Send the CSR to the CA in accordance with the CA's enrollment process and request a certificate.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. What to do next If you need a certificate for a View Transfer Server instance, see Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance, on page 84. If your server certificate is signed by an intermediate CA, import the intermediate certificate into your keystore file. See Import an Intermediate Certificate into a Keystore File, on page 84. If you downloaded a server certificate, import it into your keystore file. See Import a Signed Server Certificate into a Keystore File, on page 85.
VMware, Inc.
83
Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
To obtain a signed certificate from a CA, you must use openssl to generate a private key file and a certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted root from GlobalSign, Thawte, or VeriSign. Prerequisites Determine the fully qualified domain name (FQDN) that client computers use to connect to the host. Procedure 1 Open a command prompt and use openssl to create a private key file and a CSR. For example: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr 2 When openssl prompts you for a common name, type the fully qualified domain name (FQDN) that client computers use to connect to the View Transfer Server host. IMPORTANT If you type your name, the certificate will be invalid.
openssl creates the private key file and the CSR file in the current directory.
Send the CSR to the CA in accordance with the CA's enrollment process and request a certificate in PEM format. Some CAs provide certificates in a format other than PEM. If you download this type of certificate, you must convert it to PEM format.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. What to do next Configure the View Transfer Server instance to use the server SSL certificate. See Configure a View Transfer Server Instance to Use a New Certificate, on page 86.
Import an Intermediate Certificate into a Keystore File

If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the intermediate certificate to the keystore before you add the server certificate. Prerequisites Request and obtain an intermediate certificate from the intermediate CA. Procedure 1 2 Save the intermediate certificate as intermediateCA.p7 in the directory that contains the keystore file. Import the intermediate certificate into the keystore file. For example:
keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias intermediateCA file intermediateCA.p7
What to do next If you downloaded a server certificate, import it into your keystore file. See Import a Signed Server Certificate into a Keystore File, on page 85.
84
VMware, Inc.
Import a Signed Server Certificate into a Keystore File

If you obtained a signed server certificate from a CA, use keytool to import the certificate into your keystore file. Procedure 1 Copy the text file that contains your server certificate to the directory that contains your keystore file and save it as certificate.p7. For example:
-----BEGIN PKCS7----MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgk LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgk i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnS EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQE -----END PKCS7-----
Open a command prompt and use keytool to import the server certificate into the keystore file. For example:
keytool -importcert -keystore keys.jks -storepass secret -keyalg "RSA" -trustcacerts -file certificate.p7
If you specified a temporary certificate, type yes when you receive the message ... is not trusted.
Install reply anyway?. keytool generates this message because temporary certificates are not meant for production use.
What to do next Configure your View Connection Server instance or security server to use the certificate. See Configure a View Connection Server Instance or Security Server to Use a New Certificate, on page 85.
Configure a View Connection Server Instance or Security Server to Use a New Certificate
To configure a View Connection Server instance or security server to use a new server SSL certificate, you must set properties in the locked.properties file on the View Connection Server or security server host. Prerequisites Obtain an existing PKCS#12 file, export an existing Microsoft IIS SSL server certificate, or create a new SSL server certificate.
VMware, Inc.
85
Procedure 1 Copy the keystore file that contains your certificate to the SSL gateway configuration directory on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\keys.jks 2 Add the keyfile, keypass, and storetype properties to the locked.properties file in the SSL gateway configuration directory on the View Connection Server or security server host. If the locked.properties file does not already exist, you must create it. a Set the keyfile property to the name of your keystore file. If you exported an existing Microsoft IIS SSL server certificate, set keyfile to the name of your PFX file. For example:
keyfile=keys.jks
Set the keypass property to the password for your keystore file. If you exported an existing Microsoft IIS SSL server certificate, set keypass to the password that you used when you exported the certificate. For example:
keypass=MY_PASS
Set the storetype property to match the type of the keystore file.
Description Set the value of storetype to pkcs12. Set the value of storetype to jks.
Option PKCS#12 or PFX file Java keystore file
For example:
storetype=jks
You must specify the storetype property for a Java keystore file. 3 Restart the View Connection Server service or Security Server service to make your changes take effect.
What to do next Install the root certificate (if not already present) and the intermediate certificate as described in Using Group Policy to Configure Certificate Checking in View Client, on page 88.
Configure a View Transfer Server Instance to Use a New Certificate

To configure a View Transfer Server instance to use a new server SSL certificate, you must copy your certificate and private key files to the View Transfer Server host. The Apache server on the View Transfer Server instance requires Base64 encoded DER (PEM) certificates. Certificate files and key files must have the extensions .crt and .key respectively. Prerequisites
n
Add openssl to the system Path variable on your host. See Add keytool and openssl to the System Path, on page 80. Obtain an existing PKCS#12 file, export an existing Microsoft IIS SSL server certificate, or create a new SSL certificate.
86
VMware, Inc.
n n
If you use an intermediate CA, obtain an intermediate certificate in PEM format. If a certificate is not in PEM format, convert it to PEM format.
Procedure 1 2 3 Stop the View Transfer Server service. Copy the server certificate, intermediate certificate (if any), and private key files to the directory install_directory\VMware\VMware View\Server\httpd\conf on the View Transfer Server host. Edit the entries for SSLCertificateFile and SSLCertificateKeyFile in the Apache configuration file httpd.conf to specify the names of the server certificate and private key files. For example:
SSLCertificateFile server.crt SSLCertificateKeyFile server.key
If you copied an intermediate certificate file to the View Transfer Server host, add an entry for the SSLCertificateChainFile directive to httpd.conf. For example:
SSLCertificateChainFile intermediateCA.crt
5 6
Restart the View Transfer Server service to make your changes take effect. Verify that the certificate is configured correctly by using your Web browser to navigate to https://transfer_server_host_address.
Configure SSL for Client Connections

To configure whether client connections use SSL when communicating with View Connection Server, you configure a global setting in View Administrator. The setting applies to View desktop clients and clients that run View Administrator. Global settings affect all client sessions that are managed by a standalone View Connection Server instance or a group of replicated instances. They are not specific to a single View Connection Server instance. If View Connection Server is configured for smart card authentication, SSL must be enabled for client connections. SSL is enabled by default for client connections. NOTE If you disable SSL for client connections, users must deselect the Use secure connection (SSL) check box in View Client before connecting to the View Connection Server host and administrators must type an HTTP URL to run View Administrator. IMPORTANT If you disable or enable SSL for client connections, all existing client connections are terminated. Choose a time to restart the View Connection Server service that is least disruptive to the desktop users. Procedure 1 2 3 In View Administrator, select View Configuration > Global Settings and click Edit. To configure SSL for client connections, select or deselect Require SSL for client connections and View Administrator. Click OK to save your changes.
VMware, Inc.
87
Restart the View Connection Server service to make your changes take effect. In a replicated group, you must restart the service on each View Connection Server instance and on each paired security server.
Reconfigure any firewalls and load balancers to permit client connections using the new SSL configuration. See the VMware View Architecture Planning document for more information.
Configure SSL for View Transfer Server Communications

To configure whether SSL is used for communications and data transfers between client computers that host local desktops and View Transfer Server, you set View Connection Server settings in View Administrator. The SSL settings for View Transfer Server communications and data transfers are specific to a single View Connection Server instance. You might want to enable SSL on an instance that services users that connect from the Internet, but disable it on an instance that is dedicated to internal users. SSL is disabled by default for View Transfer Server communications and data transfers. NOTE These SSL settings do not affect local data, which is always encrypted. Procedure 1 2 3 In View Administrator, select View Configuration > Servers. Select the View Connection Server instance and click Edit. To configure SSL for communications and data transfers between client computers that host local desktops and View Transfer Server, select or deselect Use SSL for Local Mode operations. These operations include checking in and checking out desktops and replicating data from client computers to the datacenter. 4 To configure SSL for transfers of View Composer base-image files from the Transfer Server repository to client computers that host local desktops, select or deselect Use SSL when provisioning desktops in Local Mode. Click OK to save your changes.
Your changes take effect immediately. You do not need to restart the View Transfer Server service.
Using Group Policy to Configure Certificate Checking in View Client

You can use security-related group policy settings in the View Client Configuration ADM template file (vdm_client.adm) to configure server SSL certificate checking in View Client. ADM template files for View components are installed in the install_directory\VMware\VMware
View\Server\Extras\GroupPolicyFiles directory on your View Connection Server host.
See the VMware View Administration document for information on using View Manager group policy settings.
88
VMware, Inc.
Creating an Event Database
You create an event database to record information about View Manager events. If you do not configure an event database, you must look in the log file to get information about events, and the log file contains very limited information. This chapter includes the following topics:
n n n
Add a Database and Database User for View Events, on page 89 Prepare an SQL Server Database for Event Reporting, on page 90 Configure the Event Database, on page 90
Add a Database and Database User for View Events

You create an event database by adding it to an existing database server. You can then use enterprise reporting software to analyze the events in the database. The database server for the event database can reside on a View Connection Server host itself or on a dedicated server. Alternatively, you can use a suitable existing database server, such as a server that hosts a View Composer database. NOTE You do not need to create an ODBC data source for this database. Prerequisites
n
Verify that you have a supported Microsoft SQL Server or Oracle database server on a system that a View Connection Server instance has access to. For a list of supported database versions, see Database Requirements for View Composer, on page 10. Verify that you have the required database privileges to create a database and user on the database server. If you are not familiar with the procedure to create databases on Microsoft SQL Server database servers, review the steps in Add a View Composer Database to SQL Server, on page 30. If you are not familiar with the procedure to create databases on Oracle database servers, review the steps in Add a View Composer Database to Oracle 11g or 10g, on page 32.
n n
VMware, Inc.
89
Procedure 1 2 Add a new database to the server and give it a descriptive name such as ViewEvents. Add a user for this database that has permission to create tables, views, and, in the case of Oracle, triggers and sequences, as well as permission to read from and write to these objects. For a Microsoft SQL Server database, do not use the Integrated Windows Authentication security model method of authentication. Be sure to use the SQL Server Authentication method of authentication. The database is created, but the schema is not installed until you configure the database in View Administrator. What to do next Follow the instructions in Configure the Event Database, on page 90.
Prepare an SQL Server Database for Event Reporting

Before you can use View Administrator to configure an event database on Microsoft SQL Server, you must configure the correct TCP/IP properties and verify that the server uses SQL Server Authentication. Prerequisites
n
Create an SQL Server database for event reporting. See Add a Database and Database User for View Events, on page 89. Verify that you have the required database privileges to configure the database. Verify that the database server uses the SQL Server Authentication method of authentication. Do not use Windows Authentication.
n n
Procedure 1 2 3 4 5 Open SQL Server Configuration Manager and expand SQL ServerYYYYNetwork Configuration. Select Protocols forserver_name. In the list of protocols, right-click TCP/IP and select Properties. Set the Enabled property to Yes. Verify that a port is assigned or, if necessary, assign one. For information on the static and dynamic ports and how to assign them, see the online help for the SQL Server Configuration manager. 6 Verify that this port is not blocked by a firewall.
What to do next Use View Administrator to connect the database to View Connection Server. Follow the instructions in Configure the Event Database, on page 90.
Configure the Event Database

The event database stores information about View events as records in a database rather than in a log file. You configure an event database after installing a View Connection Server instance. You need to configure only one host in a View Connection Server group. The remaining hosts in the group are configured automatically. You can use Microsoft SQL Server or Oracle database reporting tools to examine events in the database tables. For more information, see the VMware View Integration document.
90
VMware, Inc.
Chapter 8 Creating an Event Database
Prerequisites You need the following information to configure an event database:

n n n
The DNS name or IP address of the database server. The type of database server: Microsoft SQL Server or Oracle. The port number that is used to access the database server. The default is 1521 for Oracle and 1433 for SQL Server. For SQL Server, if the database server is a named instance or if you use SQL Server Express, you might need to determine the port number. See the Microsoft KB article about connecting to a named instance of SQL Server, at http://support.microsoft.com/kb/265808. The name of the event database that you created on the database server. See Add a Database and Database User for View Events, on page 89. The username and password of the user you created for this database. See Add a Database and Database User for View Events, on page 89. Use SQL Server Authentication for this user. Do not use the Integrated Windows Authentication security model method of authentication.
A prefix for the tables in the event database, for example, VE_. The prefix enables the database to be shared among View installations. NOTE You must enter characters that are valid for the database software you are using. The syntax of the prefix is not checked when you complete the dialog box. If you enter characters that are not valid for the database software you are using, an error occurs when View Connection Server attempts to connect to the database server. The log file indicates all errors, including this error and any others returned from the database server if the database name is invalid.
Procedure 1 2 3 In View Administrator, select View Configuration > Event Configuration. In the Event Database section, click Edit, enter the information in the fields provided, and click OK. (Optional) In the Event Settings window, click Edit, change the length of time to show events and the number of days to classify events as new, and click OK. These settings pertain to the length of time the events are listed in the View Administrator interface. After this time, the events are only available in the historical database tables. The Database Configuration window displays the current configuration of the event database. 4 Select Monitoring > Events to verify that the connection to the event database is successful. If the connection is unsuccessful, and error message appears. If you are using SQL Express or if you are using a named instance of SQL Server, you might need to determine the correct port number, as mentioned in the prerequisites. In the Dashboard, the System Component Status displays the event database server under the Reporting Database heading.
VMware, Inc.
91
92
VMware, Inc.
Installing and Starting View Client
You can obtain the View Client installer either from the VMware Web site or from View Portal, a Web access page provided by View Connection Server. You can set various startup options for end users after View Client is installed. This chapter includes the following topics:
n n n n n n n n
Install the Windows-Based View Client or View Client with Local Mode, on page 93 Start the Windows-Based View Client or View Client with Local Mode, on page 94 Install View Client by Using View Portal, on page 96 Install View Client on Mac OS X, on page 97 Start View Client on Mac OS X, on page 98 Set Printing Preferences for the Virtual Printer Feature on Windows Clients, on page 100 Using USB Printers, on page 101 Installing View Client Silently, on page 101
Install the Windows-Based View Client or View Client with Local Mode
End users open View Client to connect to their virtual desktops from a physical machine. You can run a Windows-based installer file to install all components of View Client. In addition to accessing virtual desktops with View Client, end users can use View Client to configure some display options if the View administrator enables these options. For example, end users can optionally choose a display protocol or window size or use their current login credentials for View authentication. View Client with Local Mode lets end users download a copy of their virtual desktop to their local computer. End users can then use the virtual desktop even when they do not have a network connection. Latency is minimized and performance is enhanced. View Client with Local Mode is the fully supported feature that in earlier releases was an experimental feature called View Client with Offline Desktop. Prerequisites
n n
Verify that you can log in as an administrator on the client system. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that View Agent is not installed. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode.
n n
VMware, Inc.
93
If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents. If you plan to install the USB Redirection component, verify that the Windows Automatic Update feature is not turned off on the client computer. Determine whether to use the single-sign-on feature. This feature lets end users log in to View Client and their virtual desktop as the currently logged in user. Credential information that the user entered when logging in to the client system is passed to the View Connection Server instance and ultimately to the virtual desktop. Some client operating systems do not support this feature. If you do not want to require end users to supply the IP address or fully qualified domain name (FQDN) of the View Connection Server instance that hosts their virtual machine, determine the IP address or FQDN so that you can supply it during installation.
Procedure 1 2 Log in to the client system as a user with administrator privileges. On the client system, download the View Client installer file from the VMware product page at http://www.vmware.com/products/. Select the appropriate installer file, where xxxxxx is the build number.
Option View Client on 64-bit operating systems View Client on 32-bit operating systems Action Select VMware-viewclient-x86_64-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-x86_64-4.6.x-xxxxxx.exe for View Client with Local mode. Select VMware-viewclient-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-4.6.x-xxxxxx.exe for View Client with Local Mode.
3 4
To start the View Client installation program, double-click the installer file. Follow the prompts to install the components you want.
The VMware View Client service is installed on the Windows client computer. The service name for View Client is wsnm.exe. The service name for the USB component is wsnm_usbctrl.exe. What to do next Start the View Client and verify that you can log in to the correct virtual desktop. See Start the WindowsBased View Client or View Client with Local Mode, on page 94 or Install View Client by Using View Portal, on page 96.
Start the Windows-Based View Client or View Client with Local Mode
Before you have end users access their virtual desktops, test that you can log in to a virtual desktop from a client device. You can start View Client from the Start menu or a desktop shortcut on the client system. In environments where a network connection is available, the user session is authenticated by View Connection Server.
94
VMware, Inc.
Chapter 9 Installing and Starting View Client
Prerequisites
n n
Verify that View Client or View Client with Local Mode is installed on the client device. If you plan to use View Client with Local Mode, verify that your license includes View Client with Local Mode and verify that the View desktop meets the requirements for local mode. See the overview topic for setting up a local desktop deployment in the VMware View Administration document. Verify that a virtual desktop pool has been created and that the user account you plan to use is entitled to access this desktop. See the topics about creating desktop pools in the VMware View Administration document. Verify that you have the fully qualified domain name (FQDN) or IP address of the View Connection Server instance that provides access to the virtual desktop.
Procedure 1 2 3 If View Client does not start automatically after installation, double-click the desktop shortcut or click Start > Programs > VMware > VMware View Client. In the Connection Server drop-down menu, enter the host name or IP address of View Connection Server. Verify that the other optional settings in the dialog box appear as you configured them.
Option Log in as current user Description This check box is displayed or hidden according to the global setting in View Administrator. Do not select this check box if you plan to check out the View desktop for use in local mode. If this check box is selected, you must also select the global setting called Use SSL for client connections in View Administrator. If you use a secure connection, the default port is 443. If you select this check box, the next time you start View Client, the Connection Server field is disabled and you are connected to the server specified when you selected the Autoconnect check box. To deselect this check box, cancel the next dialog box that appears and click Options to display and change this setting.
Use secure connection (SSL) Port Autoconnect
4 5
Click Connect. Enter the credentials of a user who is entitled to use at least one desktop pool, select the domain, and click Login. If you type the user name using the format user@domain, the name is treated as a user principal name (UPN) because of the @ sign, and the domain drop-down menu is disabled. For information about creating desktop pools and entitling users to pools, see VMware View Administration document.
6 7
(Optional) In the Display drop-down menu, select the window size for displaying the View desktop. (Optional) To select a display protocol, click the down-arrow next to a desktop in the list, click Display Protocol, and select the protocol. This choice is available only if your View administrator has enabled it.
Select a desktop from the list of desktop pools and click Connect. View Client attempts to connect to a desktop in the specified pool.
After you are connected, the client window appears.
VMware, Inc.
95
If authentication to View Connection Server fails or if View Client cannot connect to a desktop, perform the following tasks:
n
Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator. Verify that the security certificate for View Connection Server is working properly. If it is not, in View Administrator, you might also see that the View Agent on desktops is unreachable and the Transfer Server status shows that it is not ready. These are symptoms of additional connection problems caused by certificate problems. Verify that the tags set on the View Connection Server instance allow connections from this user. See the VMware View Administration document. Verify that the user is entitled to access this desktop. See the VMware View Administration document. Verify that the client computer allows remote desktop connections.
n n
What to do next
n
Configure startup options. If you do not want to require end users to provide the host name or IP address of View Connection Server, or if you want to configure other startup options, use the View Client command-line options to create a desktop shortcut. See the VMware View Administration document.
Check out a desktop that can be used in local mode. End users can determine if a desktop is eligible for checkout by clicking the down-arrow next to the desktop in the list provided by View Client with Local Mode. If the desktop can be used in local mode, the Check out option appears in the context menu. Only the user who checks out the desktop can access it, even if a group is entitled to access the desktop.
Install View Client by Using View Portal

An expedient way of installing the View Client or View Client with Local Mode application is to open a browser and browse to the View Portal Web page. You can use View Portal to download the full View Client installer for both Windows and Mac client computers. As of View 4.5, View Portal installs the full View Client for Windows, with or without Local Mode, and View Client for the Mac. NOTE View Portal does not support Linux. A native client for Linux is available only through certified VMware partners. Prerequisites
n n n
Verify that you have the URL for the View Connection Server instance. Verify that you can log in as an administrator on the client system. Verify that a virtual desktop has been created and that the user account you plan to use is entitled to access this desktop. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that View Agent is not installed. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode.
n n
96
VMware, Inc.
If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents. If you plan to install the USB Redirection component, verify that the Windows Automatic Update feature is not turned off on the client computer.
Procedure 1 2 Log in to the client system as a user with administrator privileges. Open a browser and enter the URL of the View Connection Server instance that provides access to the virtual desktop. Internet Explorer can determine whether an upgrade is available, whereas Firefox and Safari cannot. Also, in the list of installers, Internet Explorer lists 32-bit installers if the client has a 32-bit system and lists 64bit installers if the client has a 64-bit system, whereas Firefox lists both 32-bit and 64-bit installers. 3 Follow the prompts on the Web page. If the version available from View Connection Server is newer than that installed on the client device, you can choose to upgrade. If the version is the same as that on the client device, View Portal starts the View Client installed on the client computer. If you have an older version of View Client and a smart card is required for client connections, an Internet Explorer browser prompts you to insert your smart card before View Portal checks the version of your existing View Client. 4 If Internet Explorer prompts you to insert a smart card, either insert the card or click Cancel. Inserting a smart card and Cancel have the same effect. What to do next Connect to the View desktop. See Start the Windows-Based View Client or View Client with Local Mode, on page 94 or Start View Client on Mac OS X, on page 98.
Install View Client on Mac OS X

End users open View Client to connect to virtual desktops from a Mac OS X physical machine. You install View Client on Mac OS X client systems from a disk image file. Prerequisites
n
Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. Verify that the Mac client system has Remote Desktop Connection version 2.0 or higher installed. The View Client disk image file includes a link to the Microsoft Remote Desktop Connection Client for Mac download page.
Procedure 1 2 Log in to the client system. On the client system, download the View Client disk image file from the VMware product page at http://www.vmware.com/products/. Select the VMware-View-Client-4.6.x-xxxxxx.dmg disk image file, where xxxxxx is the build number.
VMware, Inc.
97
Double-click the .dmg file to open it and click Agree. The contents of the disk image appear in a VMware View Client Finder window.
4 5
Open a new Finder window and navigate to the Applications folder. Drag the VMware View Client icon to the Applications folder. If you are not logged in as an administrator user, you are prompted for an administrator user name and password. You can now unmount the disk image.
What to do next Start View Client and verify that you can log in to the correct virtual desktop. See Start View Client on Mac OS X, on page 98.
Start View Client on Mac OS X

Before you have end users access their virtual desktops, test that you can log in to a virtual desktop from the Mac client system. In addition to accessing virtual desktops with View Client, end users can configure View Client settings. For example, end users can optionally choose a window size or use their current login credentials for View authentication. Prerequisites
n n
Verify that View Client is installed on the client system. Verify that a virtual desktop pool has been created and that the user account you plan to use is entitled to access this desktop. See the topics about creating desktop pools in the VMware View Administration document. Verify that you have the fully qualified domain name (FQDN) or IP address of the View Connection Server instance that provides access to the virtual desktop. Verify that the AllowDirectRDP View Agent group policy setting is enabled. This setting is enabled by default.
Procedure 1 2 In the folder where you installed View Client (typically the Applications folder), double-click VMware View Client. Select your View Connection Server from the Address drop-down menu, or enter the server host name or IP address.
98
VMware, Inc.
(Optional) Choose options for how you connect to the selected server.
Option Port Use Secure Connection (SSL) Description Specify the port number, or leave blank to use the default port for View Connection Server. Select to use a secure (SSL) connection to protect sensitive corporate information and ensure that all connections are completely encrypted. Your View administrator might have configured View Connection Server to always use a secure connection, even if you select a nonsecure connection. Select to connect directly to the current instance of View Connection Server when you start View Client. Select this option if you always connect to the same View Connection Server. If deselected, you must enter or select a View Connection Server when you start View Client.
Always connect to this server at startup
You can also supply the port and SSL options by typing them into the address field directly. For a nonSSL connection, type http://URL[:port number]. For an SSL connection, type https://URL[:port number]. 4 Click Continue. You are connected to View Connection Server and can now log in. 5 Enter your user name and password in the login dialog box. If you type the user name as user@domain, it is treated as a user principal name (UPN) because of the atsign (@), so the domain drop-down menu dims. Otherwise, you must also select a domain. 6 7 (Optional) Select Remember this password in my keychain to securely store your login credentials. Click Continue. If login is successful, the list of desktops that you are authorized to use appears. 8 9 Select a desktop from the list. (Optional) Select an option from the Display drop-down menu.
Option Full Screen Description Display the desktop over the complete monitor screen. If you select Full Screen and have multiple monitors, drag the desktop selection window to the monitor in which you want the desktop to appear. Display the desktop in a large window. Display the desktop in a small window. Use the slider in the displayed dialog box to set the window size and click Select. The size you select is added to the Display drop-down menu.
Large Window Small Window Custom
Display settings are retained the next time you open the desktop. 10 Click Continue, or click the Action menu (with the Gear icon) and select Connect.
After you are connected, the client window appears. If View Client cannot connect to the desktop, perform the following tasks:
n
Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator. Verify that the security certificate for View Connection Server is working properly. If it is not, in View Administrator, you might also see that the View Agent on desktops is unreachable. Verify that the tags set on the View Connection Server instance allow connections from this user. See the VMware View Administration document.
VMware, Inc.
99
n n
Verify that the user is entitled to access this desktop. See the VMware View Administration document. Verify that the client computer allows remote desktop connections.
What to do next For instructions on using View Client, see the VMware View Client Help.
Set Printing Preferences for the Virtual Printer Feature on Windows Clients
The virtual printing feature lets end users use local or network printers from a View desktop without requiring that additional print drivers be installed in the View desktop. For each printer available through this feature, you can set preferences for data compression, print quality, double-sided printing, color, and so on. After a printer is added on the local Windows computer, View adds that printer to the list of available printers on the View desktop. No further configuration is required. Users who have administrator privileges can still install printer drivers on the View desktop without creating a conflict with the virtual printer component. IMPORTANT This feature is not available for the following types of printers:
n
USB printers that are using the USB redirection feature to connect to a virtual USB port in the View desktop You must disconnect the USB printer from the View desktop in order to use the virtual printing feature with it.
The Windows feature for printing to a file Selecting the Print to file check box in a Print dialog box does not work. Using a printer driver that creates a file does work. For example, you can use a PDF writer to print to a PDF file.
Prerequisites Verify that the Virtual Printing component of View Agent is installed on the View desktop. In the View desktop file system, the drivers are located in C:\Program Files\Common Files\VMware\Drivers\Virtual Printer. Installing View Agent is one of the tasks required for preparing a virtual machine to be used as a View desktop. For more information, see the VMware View Administration document. Procedure 1 2 In the View desktop, click Start > Settings > Printers and Faxes. In the Printers and Faxes window, right-click any of the locally available printers and select Properties. On Windows 7 desktops, you might see only the default printer, even though other printers are available. To see the other printers, right-click the default printer and point to Printer properties. 3 4 5 6 In the Print Properties window, click the ThinPrint Device Setup tab and specify which settings to use. On the General tab, click Printing Preferences and edit the page and color settings. On the Advanced tab, set preferences for double-sided printing and portrait (long edge) or landscape (short edge) printing. To preview each printout on the host, enable Preview on client before printing. From this preview, you can use any printer with all its available properties. 7 On the Adjustment tab, review the settings for automatic print adjustment. VMware recommend that you retain the default settings. 8 Click OK.
100
VMware, Inc.
Using USB Printers

In a View environment, virtual printers and redirected USB printers can work together without conflict. A USB printer is a printer that is attached to a USB port on the local client system. To send print jobs to a USB printer, you can either use the USB redirection feature or use the virtual printing feature.
n
You can use the USB redirection feature to attach a USB printer to a virtual USB port in the View desktop as long as the required drivers are also installed on the View desktop. If you use this redirection feature the printer is no longer attached to the physical USB port on the client and this is why the USB printer does not appear in the list of local printers that the virtual printing feature displays. This also means that you can print to the USB printer from the View desktop but not from the local client machine.
On Windows clients, you can alternatively use the virtual printing feature to send print jobs to a USB printer. If you use the virtual printing feature you can print to the USB printer from both the View desktop and the local client, and you do not need to install print drivers on the View desktop.
Installing View Client Silently

You can install View Client silently by typing the installer filename and installation options at the command line. With silent installation, you can efficiently deploy View components in a large enterprise.
Set Group Policies to Allow Silent Installation of View Client with Local Mode
Before you can install View Client with Local Mode silently, you must configure Microsoft Windows group policies to allow installation with elevated privileges. You do not have to set these group policies to install View Client silently. These policies are required only for View Client with Local Mode. You must set Windows Installer group policies for computers and for users on the client computer. Prerequisites Verify that you have administrator privileges on the Windows client computer on which you will install View Client with Local Mode. Procedure 1 2 3 4 5 6 7 8 Log in to the client computer and click Start > Run. Type gpedit.msc and click OK. In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. In the left pane, click User Configuration. Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. In the Always Install with Elevated Privileges Properties window, click Enabled and click OK.
What to do next Install View Client with Local Mode silently.
VMware, Inc.
101
Install View Client Silently

You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install View Client or View Client with Local Mode on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. Prerequisites
n n
Verify that you can log in as an administrator on the client system. Verify that the client system uses a supported operating system. See Supported Operating Systems for View Client and View Client with Local Mode, on page 16. If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode. If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. Determine whether to use the single-sign-on feature. This feature lets end users log in to View Client and their virtual desktop as the currently logged in user. Credential information that the user entered when logging in to the client system is passed to the View Connection Server instance and ultimately to the virtual desktop. Some client operating systems do not support this feature. If you do not want to require end users to supply the IP address or fully qualified domain name (FQDN) of the View Connection Server instance that hosts their virtual machine, determine the IP address or FQDN so that you can supply it during installation. Familiarize yourself with the MSI installer command-line options. See Microsoft Windows Installer Command-Line Options, on page 51. Familiarize yourself with the silent installation (MSI) properties available with View Client. See Silent Installation Properties for View Client, on page 103. Determine whether to allow end users to access locally connected USB devices from their virtual desktops. If not, set the MSI property, ADDLOCAL, to the list of features of interest and omit the USB feature. For details, see Silent Installation Properties for View Client, on page 103. If you install View Client with Local Mode, verify that the Windows Installer group policies that are required for silent installation are configured on the client computer. See Set Group Policies to Allow Silent Installation of View Client with Local Mode, on page 101.
102
VMware, Inc.
Procedure 1 On the client system, download the View Client installer file from the VMware product page at http://www.vmware.com/products/. Select the appropriate installer file, where xxxxxx is the build number.
Option View Client on 64-bit operating systems View Client on 32-bit operating systems Action Select VMware-viewclient-x86_64-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-x86_64-4.6.x-xxxxxx.exe for View Client with Local mode. Select VMware-viewclient-4.6.x-xxxxxx.exe for View Client. Select VMware-viewclientwithlocalmode-4.6.x-xxxxxx.exe for View Client with Local Mode.
2 3
Open a command prompt on the Windows client computer. Type the installation command on one line. This example installs View Client with single sign-on and USB redirection features. A default View Connection Server instance is configured for View Client users: VMware-viewclient-4.6.xxxxxxx.exe /s /v"/qn REBOOT=ReallySuppress VDM_SERVER=cs1.companydomain.com ADDLOCAL=Core,TSSO,USB"
This example installs View Client with Local Mode: VMware-viewclientwithlocal-4.6.xxxxxxx.exe /s /v"/qn ADDLOCAL=Core,MVDI"
NOTE The Core feature is mandatory. The VMware View Client service is installed on the Windows client computer. What to do next Start the View Client and verify that you can log in to the correct virtual desktop. See Start the WindowsBased View Client or View Client with Local Mode, on page 94 or Install View Client by Using View Portal, on page 96.
Silent Installation Properties for View Client

You can include specific properties when you silently install View Client from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 9-1 shows the View Client silent installation properties that you can use at the command-line. Table 9-1. MSI Properties for Silently Installing View Client
MSI Property INSTALLDIR Description The path and folder in which the View Client software is installed. For example: INSTALLDIR=""D:\abc\my folder"" The sets of two double quotes that enclose the path permit the MSI installer to interpret the space as a valid part of the path. This MSI property is optional. VDM_SERVER The fully qualified domain name (FQDN) or IP address of the View Connection Server instance to which View Client users connect by default. When you configure this property, View Client users do not have to supply this FQDN or IP address. For example: VDM_SERVER=cs1.companydomain.com This MSI property is optional. Default Value %ProgramFiles %\VMware\VMware View\Client
None
VMware, Inc.
103
Table 9-1. MSI Properties for Silently Installing View Client (Continued)
MSI Property DESKTOP_SHORTCUT Description Configures a desktop shortcut icon for View Client. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. QUICKLAUNCH_SHORTCUT Configures a shortcut icon on the quick-launch tray for View Client. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. Configures a shortcut for View Client in the Start menu. A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. 1 Default Value 1
STARTMENU_SHORTCUT
In a silent installation command, you can use the MSI property, ADDLOCAL=, to specify features that the View Client installer configures. Each silent-installation feature corresponds to a setup option that you can select during an interactive installation. Table 9-2 shows the View Client features you can type at the command line and the corresponding interactiveinstallation options. Table 9-2. View Client Silent Installation Features and Interactive Custom Setup Options
Silent Installation Feature Core If you specify individual features with the MSI property, ADDLOCAL=, you must include Core. If you specify ADDLOCAL=ALL, all View Client and View Client with Local Mode features, including Core, are installed. MVDI Use this feature when you install View Client with Local Mode and specify individual features with ADDLOCAL=. If you specify ADDLOCAL=ALL, all View Client with Local Mode features, including MVDI, are installed. ThinPrint TSSO USB None. When you install View Client with Local Mode interactively, the MVDI functions are installed by default. When you install View Client interactively, the MVDI functions are not available. Virtual Printing Single Sign-on (SSO) USB Redirection Custom Setup Option in an Interactive Installation None. During an interactive installation, the core View Client functions are installed by default.
104
VMware, Inc.
Index
A
Active Directory configuring domains and trust relationships 23 preparing for smart card authentication 26 preparing for use with View 23 Active Directory groups creating for kiosk mode client accounts 24 creating for View users and administrators 24 ADM template files 26 Adobe Flash requirements 21 antivirus software, View Composer 38
how View Manager uses 63 increasing on a Windows Server computer 64 ESX hosts, View Composer 38 event database creating for View 89, 90 SQL Server configuration 90 external URLs configuring for a View Connection Server instance 62 modifying for a security server 62 purpose and format 61
B
browser requirements 9, 18
F
Firefox, supported versions 9, 18 firewall rules View Connection Server 43 View Transfer Server 75 firewalls, configuring 40
C
certificate signing requests, See CSRs certificates checking in View Client 88 configuring View Connection Server to use 85 configuring View Transfer Server to use 86 creating new 82 importing to a keystore file 85 obtaining signatures 83, 84 replacing the default 79 requirements 79 certutil command 28 client software requirements 15 CPU requirements, local mode desktops 16 CSRs, creating 83, 84
G
glossary, where to find 5 GPOs, linking to a View desktop OU 26 Group Policy Objects, See GPOs GroupPolicyFiles directory 26
H
hardware requirements local mode desktops 16 PCoIP 19 smart card authentication 21 View Connection Server 7 HP RGS 20
D
databases creating for View Composer 29 View events 89, 90 default certificate, replacing 79 direct connections, configuring 60 display requirements, local mode desktops 16 DNS resolution, View Composer 38 documentation feedback, how to provide 5 domain filtering 24
I
intermediate certificates adding to intermediate certification authorities 28 importing to a keystore file 84 Intermediate Certification Authorities policy 28 Internet Explorer, supported versions 9, 18
J
JKS keystores, converting from PKCS#12 82 JVM heap size default 68 increasing 69
E
Enterprise NTAuth store, adding root certificates 28 ephemeral ports calculating 64
VMware, Inc.
105
K
keychain 98 keyfile property 85 keypass property 85 keytool utility adding to the system path 80 creating a CSR 83 kiosk mode, Active Directory preparation 24
L
license key, View Connection Server 57 local desktop configuration adding a View Transfer Server instance 71, 73 creating a vCenter Server user 53 hardware requirements 16 privileges for vCenter Server user 56 locked.properties file 85 Log in as current user feature 94
Oracle 11g, creating a View Composer database with a script 34 Oracle 11g database adding an ODBC data source 35 adding for View Composer 32 configuring a database user 34 Oracle 9i, creating a View Composer database with a script 34 Oracle 9i database adding an ODBC data source 36 adding for View Composer 32, 33 configuring a database user 34 Oracle databases 10 organizational units, See OUs OS X, installing View Client 97 OUs creating for kiosk mode client accounts 24 creating for View desktops 24
P
page-file size, View Connection Server 69 PCoIP, hardware requirements 19 PKCS#12 keystores, converting to JKS format 82 policies Intermediate Certification Authorities 28 Restricted Groups 25 Trusted Root Certification Authorities 27 printers, setting up 100 professional services 5
M
Mac OS X, installing View Client 97 media file formats, supported 21 memory requirements, local mode desktops 16 Microsoft IIS SSL server certificates, using existing 80 Microsoft SQL Server databases 10 Microsoft Windows Installer command-line options for silent installation 51 MSI properties for View Transfer Server 77 properties for replicated View Connection Server 46 properties for security server 50 properties for View Client 103 properties for View Connection Server 42 uninstalling View Components silently 52 multimedia redirection (MMR) 21
R
RDP 20 remote display protocols HP RGS 20 PCoIP 19 RDP 20 replicated instances installing 43 installing silently 45 network requirements 9 silent installation properties 46 Restricted Groups policy, configuring 25 RGS 20 root certificates adding to the Enterprise NTAuth store 28 adding to trusted roots 27
O
ODBC connecting to Oracle 11g or 10g 35 connecting to Oracle 9i 36 connecting to SQL Server 31 openssl utility adding to the system path 80 configuring a certificate for View Transfer Server 86 creating a CSR 84 Oracle 10g, creating a View Composer database with a script 34 Oracle 10g database adding an ODBC data source 35 adding for View Composer 32 configuring a database user 34
S
security servers calculating TCB hash table size 66 configuring a pairing password 46 configuring an external URL 61 configuring to use a certificate 85 installer file 47
106
VMware, Inc.
Index
installing silently 49 modifying an external URL 62 silent installation properties 50 silent installation group policies to allow installation 75, 101 replicated instances 45 security servers 49 View Client 101, 102 View Client with Local Mode 102 View Connection Server 41 View Transfer Server 75, 76 sizing Windows Server settings calculating ephemeral ports 64 calculation worksheets 67 increasing ephemeral ports 63, 64 increasing the JVM heap size 68 increasing the TCB hash table size 67 smart card authentication Active Directory preparation 26 requirements 21 UPNs for smart card users 27 software requirements, server components 7 SQL Server database adding an ODBC data source 31 adding for View Composer 30 preparing for event database 90 SQL Server databases 10 SQL Server Management Studio Express, installing 30 SSL configuring for client connections 87 configuring for View Transfer Server communications 88 SSL certificates, See certificates storetype property 85 streaming multimedia 21 support, online and telephone 5 Sysprep, requirements for View Composer 11 system page file size, Windows Server 69
transmission control block how View uses 65 increasing size for non-security servers 66 increasing size for security servers 66 trust relationships, configuring for View Connection Server 23 Trusted Root Certification Authorities policy 27
U
uninstalling View components 52 UPNs smart card users 27 View Client 94 View Client on Mac OS X 98 View Client with Local Mode 94 USB printers 101 user accounts requirements 53 vCenter Server 24, 53 View Composer 25, 53 userPrincipalName attribute 27
V
vCenter Server configuring for View Composer 38 creating a user for local mode 53 installing the View Composer service 36 user accounts 24, 53 vCenter Server instances, adding in View Administrator 57 vCenter Server user local mode privileges 56 vCenter Server privileges 55 View Composer privileges 55 View Administrator logging in 56 overview 56 requirements 9 View Agent, installation requirements 15 View Client installation overview 93 installing on a Windows PC or laptop 93 installing on Mac OS X 97 installing silently on a Windows PC or laptop 101, 102 silent installation properties 103 starting 93, 94, 98 supported operating systems 16 using View Portal to install 96 View Client with Local Mode group policies for silent installation 101 supported operating systems 16 View clients, configuring connections 60 View components, command-line options for silent installation 51
T
TCB hash table how View uses 65 increasing size for non-security servers 66 increasing size for security servers 66 increasing size on a Windows Server computer 67 TCP ports View Connection Server 43 View Transfer Server 75 technical support and education 5 ThinPrint setup 100 Transfer Server repository, configuring 74
VMware, Inc.
107
View Composer, database requirements 10 View Composer configuration creating a user account 25 creating a vCenter Server user 24, 53 privileges for the vCenter Server user 55 settings in View Administrator 59 View Composer database ODBC data source for Oracle 11g or 10g 35 ODBC data source for Oracle 9i 36 ODBC data source for SQL Server 31 Oracle 11g and 10g 32 Oracle 9i 32, 33 requirements 29 SQL Server 30 View Composer infrastructure configuring vSphere 38 optimizing 38 testing DNS resolution 38 View Composer installation installer file 36 overview 29 requirements overview 9 virtualization software requirements 11 View Composer upgrade compatibility with vCenter Server versions 10 operating system requirements 10 requirements overview 9 View Connection Server, hardware requirements 7 View Connection Server configuration client connections 60 event database 89, 90 external URL 61, 62 first time 56 overview 39 replacing the default certificate 79 server certificate 85 sizing Windows Server settings 63 system page file size 69 trust relationships 23 View Connection Server installation installation types 39 network configuration 9 overview 39 prerequisites 39 product license key 57 replicated instances 43 requirements overview 7 security servers 47 silent 41 silent installation properties 42 single server 40
supported operating systems 8 virtualization software requirements 9 View desktops, configuring direct connections 60 View Portal, browser requirements 18 View Secure Gateway Server component, increasing the JVM heap size 69 View Transfer Server configuration adding an instance 73 Transfer Server repository 74 View Transfer Server installation group policies for silent installation 75 installer file 71 overview 71 requirements overview 12 silent 75, 76 silent installation properties 77 storage requirements 13 supported operating systems 13 virtual machine requirements 12 virtual printing feature 100 vSphere, configuring for View Composer 38
W
Web browser requirements 9, 18 Windows 7 requirements, local mode desktops 16 Windows computers, installing View Client 93 Windows Server, system page file size 69 worksheets, calculating ephemeral ports and TCB has table size 67 Wyse MMR 21
108
VMware, Inc.

View 46 Installation

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

View 46 Installation

Загружено:

Авторское право:

Доступные форматы

VMware View Installation

View 4.6 View Manager 4.6 View Composer 2.6

VMware View Installation

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

VMware View Installation

1 System Requirements for Server Components 7

2 System Requirements for Client Components 15

3 Preparing Active Directory 23

4 Installing View Composer 29

5 Installing View Connection Server 39

VMware View Installation

6 Installing View Transfer Server 71

7 Configuring Certificate Authentication 79

8 Creating an Event Database 89

9 Installing and Starting View Client 93

VMware View Installation

VMware View Installation

System Requirements for Server Components

View Connection Server Requirements

Hardware Requirements for View Connection Server

VMware View Installation

Table 1-1. View Connection Server Hardware Requirements (Continued)

Supported Operating Systems for View Connection Server

Operating System Requirement for the PCoIP Secure Gateway

Chapter 1 System Requirements for Server Components

Virtualization Software Requirements for View Connection Server

Network Requirements for Replicated View Connection Server Instances

View Administrator Requirements

Internet Explorer 7 Internet Explorer 8 Firefox 3.0 Firefox 3.5

View Composer Requirements

VMware View Installation

Supported Operating Systems for View Composer

64-Bit Operating Systems

32-Bit Operating Systems

Database Requirements for View Composer

Chapter 1 System Requirements for Server Components

Virtualization Software Requirements for View Composer Features

VMware View Installation

View Transfer Server Requirements

Installation Requirements for View Transfer Server

Chapter 1 System Requirements for Server Components

Supported Operating Systems for View Transfer Server

Storage Requirements for View Transfer Server

VMware View Installation

System Requirements for Client Components

Supported Operating Systems for View Agent

VMware View Installation

Table 2-1. View Agent Operating System Support (Continued)

Hardware Requirements for Local Mode Desktops

Chapter 2 System Requirements for Client Components

Table 2-3. Processor Requirements

64-bit operating systems

GPU for Windows 7 Aero

VMware View Installation

Client Browser Requirements for View Portal

Internet Explorer 7 Internet Explorer 8 Firefox 3.0 Firefox 3.5

Remote Display Protocol and Software Support

Chapter 2 System Requirements for Client Components

VMware View with PCoIP

VMware View Installation

Recommended Guest Operating System Settings

Client Hardware Requirements

Chapter 2 System Requirements for Client Components